Lucene search
PRIOn knowledge basePRION:CVE-2023-43642HistorySep 25, 2023 - 8:15 p.m.
Input validation
2023-09-2520:15:00
PRIOn knowledge base
www.prio-n.com
11
java
vulnerability
dos
compression
chunk size
release
upgrade
trusted sources
0.0005 Low
EPSS
Percentile
17.0%
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit 9f8c3cf74 which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snappy-java | lt | 1.1.10.4 |
Related
ibm
ibm
redhatcve
redhatcve
CVE-2023-43642
2023-10-02 10:24:58
ubuntucve
ubuntucve
CVE-2023-43642
2023-09-25 00:00:00
cgr
cgr
CVE-2023-43642 vulnerabilities
2024-05-19 03:07:16
osv
osv
CVE-2023-43642
2023-09-25 20:15:11
atlassian
atlassian
debiancve
debiancve
CVE-2023-43642
2023-09-25 20:15:11
cvelist
cvelist
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
2023-09-25 19:03:49
nvd
nvd
CVE-2023-43642
2023-09-25 20:15:11
veracode
veracode
Denial Of Service (DoS)
2023-10-27 18:43:36
cve
cve
CVE-2023-43642
2023-09-25 20:15:11
wolfi
wolfi
CVE-2023-43642 vulnerabilities
2024-06-22 21:09:10
github
github
redhat
redhat
nessus
nessus
RHEL 8 : log4j (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)
2024-01-29 00:00:00
RHEL 9 : log4j (Unpatched Vulnerability)
2024-06-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00