33 matches found
EUVD-2024-1996
Malicious code in bioql PyPI...
CVE-2024-36114
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114
Summary IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a local attacker...
Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data
Summary Airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a loc...
GHSA-973X-65J7-XCF4 Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...
Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...
Denial Of Service (DoS) / Information Disclosure
io.airlift: aircompressor is vulnerable to Denial Of Service DoS / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...
CVE-2024-36114
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
CVE-2024-36114
Aircompressor (Java) decompression for LZ4, LZO, Snappy, and Zstandard can crash the JVM or leak memory when decompressing certain inputs due to out-of-bounds access via sun.misc.Unsafe. This affects all decompressor paths and is mitigated by upgrading to Aircompressor 0.27 or newer, which fixes ...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
Aircompressor 安全漏洞
Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor versions prior to 0.27 have a security vulnerability that stems from a decompressor that may crash the JVM and leak memory contents...