6 matches found
Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114
Summary IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a local attacker...
CVE-2024-36114 vulnerabilities
Vulnerabilities for packages: spark, trino, apache-nifi, druid...
CVE-2024-36114 vulnerabilities
Vulnerabilities for packages: apache-nifi, trino, spark, druid...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java proce...