Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Snappy Security Vulnerabilities

cve
cve

CVE-2023-43642

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an...

7.5CVSS

7.3AI Score

0.0005EPSS

2023-09-25 08:15 PM
283
cve
cve

CVE-2023-41330

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...

9.8CVSS

9.7AI Score

0.007EPSS

2023-09-06 06:15 PM
12
cve
cve

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS

7.3AI Score

0.001EPSS

2023-06-15 06:15 PM
596
cve
cve

CVE-2023-34454

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses...

7.5CVSS

7.4AI Score

0.001EPSS

2023-06-15 05:15 PM
102
cve
cve

CVE-2023-34453

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it.....

7.5CVSS

7.5AI Score

0.001EPSS

2023-06-15 05:15 PM
113
cve
cve

CVE-2023-28115

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any....

9.8CVSS

9.7AI Score

0.021EPSS

2023-03-17 10:15 PM
107
cve
cve

CVE-2018-7577

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process...

8.1CVSS

7.7AI Score

0.001EPSS

2019-04-24 05:29 PM
48