126 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service
Summary: snappy-java is used by IBM App Connect Enterprise Certified Container by the Kafka connectors. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: Vulnerability with snappy-java affect IBM Cloud Object Storage Systems (Oc2023v1)
Summary: Vulnerability with snappy-java CVE-2023-43642. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details: CVEID: CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a...
Security Bulletin: Vulnerability in snappy-java affects IBM Process Mining. CVE-2023-34453
Summary: There is a vulnerability in snappy-java that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-34453 DESCRIPTION:...
CVE-2023-43642
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS)...
OESA-2023-1700 snappy-java security update
A Java port of the snappy, a fast compressor/decompressor written in C++. Security Fixes: snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data wit...
UBUNTU-CVE-2023-43642
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642
CVE-2023-43642 (snappy-java): The SnappyInputStream lacks an upper bound check on chunk length, enabling a DoS with large chunks. All versions up to 1.1.10.3 are vulnerable; a fix was added in commit 9f8c3cf74 and will be included in 1.1.10.4. Affected products/versions are Snappy Java releases ...
ai.catboost:catboost-spark_2.3_2.11 (>=1.2.1 <=1.2.7), ai.catboost:catboost-spark_2.4_2.11 (>=1.2.1 <=1.2.7) +6287 more potentially affected by CVE-2023-43642 via org.xerial.snappy:snappy-java (>=1.0.1-rc3 <=1.1.10.3)
org.xerial.snappy:snappy-java MAVEN version =1.0.1-rc3, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.3, =1.2.3, =0.13.0, =0.14.0 and more Source cves: CVE-2023-43642 Source advisory: OSV:GHSA-55G7-9CWV-5QFV...
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
Summary: snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. Scope: All...
PT-2023-8389 · Unknown +2 · Snappy-Java +3
Name of the Vulnerable Software and Affected Versions: snappy-java versions 1.1.10.3 and earlier. Description: The SnappyInputStream in snappy-java is vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size due to a missing upper bound check on chunk length,...
Security Bulletin: Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management
Summary: IBM Spectrum Copy Data Management can be affected by vulnerabilities in snappy-java. Vulnerabilities including a remote attacker could exploit these vulnerabilities to cause a denial of service condition, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Detai...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...
snappy-java: Integer overflow in shuffle leads to DoS
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...