Security Bulletin: vulnerability addressed in IBM Big Replicate LiveData Migrator 3.4

Summary The libraries affected include Aircompressor. Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: Aircompressor is a library with...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

CVE-2025-67721 Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...

EUVD-2025-203174

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...

Aircompressor 安全漏洞

Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor versions prior to 0.27 have a security vulnerability that stems from a decompressor that may crash the JVM and leak memory contents...