Lucene search
K

33 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1996

Malicious code in bioql PyPI...

8.6CVSS6.8AI score0.00504EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 4:52 a.m.3 views

CVE-2024-36114

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...

8.6CVSS8.5AI score0.00504EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/19 3:48 p.m.20 views

Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114

Summary IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a local attacker...

8.6CVSS8.1AI score0.00504EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 5:58 p.m.19 views

Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data

Summary Airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a loc...

8.6CVSS8.1AI score0.00504EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/06/02 10:30 p.m.4 views

GHSA-973X-65J7-XCF4 Decompressors can crash the JVM and leak memory content in Aircompressor

Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...

8.6CVSS6.8AI score0.00504EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/06/02 10:30 p.m.43 views

Decompressors can crash the JVM and leak memory content in Aircompressor

Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2024/05/30 6:7 a.m.18 views

Denial Of Service (DoS) / Information Disclosure

io.airlift: aircompressor is vulnerable to Denial Of Service DoS / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...

8.6CVSS7AI score0.00504EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/05/29 9:15 p.m.15 views

CVE-2024-36114

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...

8.6CVSS8.6AI score0.00504EPSS
Exploits0References5
OSV
OSV
added 2024/05/29 8:24 p.m.20 views

CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...

8.6CVSS7.1AI score0.00504EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/05/29 8:24 p.m.49 views

CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...

8.6CVSS8.6AI score0.00504EPSS
Exploits0References5
CVE
CVE
added 2024/05/29 8:24 p.m.335 views

CVE-2024-36114

Aircompressor (Java) decompression for LZ4, LZO, Snappy, and Zstandard can crash the JVM or leak memory when decompressing certain inputs due to out-of-bounds access via sun.misc.Unsafe. This affects all decompressor paths and is mitigated by upgrading to Aircompressor 0.27 or newer, which fixes ...

8.6CVSS8.5AI score0.00504EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/29 8:24 p.m.21 views

CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...

8.6CVSS8.5AI score0.00504EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/29 12:0 a.m.6 views

Aircompressor 安全漏洞

Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor versions prior to 0.27 have a security vulnerability that stems from a decompressor that may crash the JVM and leak memory contents...

8.6CVSS6.7AI score0.00504EPSS
Exploits0References9
Rows per page
Query Builder