CVE-2026-44302

Name of the Vulnerable Software and Affected Versions Snappier (affected versions not specified)

Description A denial of service issue exists where Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream. This occurs when the SnappyStreamDecompressor.Decompress function repeatedly calls Crc32CAlgorithm.Append, resulting in a userspace busy loop. An attacker providing crafted bytes can cause the process to consume a thread indefinitely, and because no exception is thrown, the operation cannot be recovered using try/catch blocks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.