Lucene search

K
redhatcveRedhat.comRH:CVE-2023-34454
HistoryAug 08, 2023 - 5:21 p.m.

CVE-2023-34454

2023-08-0817:21:28
redhat.com
access.redhat.com
44
cve-2023-34454
snappy-java
shuffle function
denial of service
overflow error
input sizes

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.6%

A flaw was found in Snappy-java’s shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.6%