Lucene search
K

353 matches found

Cvelist
Cvelist
added 2023/09/25 7:3 p.m.39 views

CVE-2023-43642 Missing upper bound check on chunk length in snappy-java

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...

7.5CVSS7.6AI score0.0104EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/08/30 7:59 p.m.4 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/26 1:19 a.m.3 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
NVD
NVD
added 2023/06/15 6:15 p.m.27 views

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS7.4AI score0.01762EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/06/15 6:15 p.m.202 views

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS6.9AI score0.01762EPSS
Exploits1References5
Prion
Prion
added 2023/06/15 6:15 p.m.28 views

Design/Logic Flaw

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

5CVSS7.3AI score0.01762EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/06/15 5:15 p.m.20 views

CVE-2023-34454

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compresschar input in the file Snappy.java receives an array of characters and compresses it. I...

7.5CVSS6.5AI score0.01469EPSS
Exploits0References5
CVE
CVE
added 2023/06/15 5:15 p.m.977 views

CVE-2023-34455

CVE-2023-34455 concerns snappy-java. The issue arises from an unchecked chunk length in SnappyInputStream.hasNextChunk, which can allocate a negative or excessively large array when handling untrusted input, potentially causing a java.lang.NegativeArraySizeException or java.lang.OutOfMemoryError....

7.5CVSS6.5AI score0.01762EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/15 5:15 p.m.45 views

CVE-2023-34453

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...

7.5CVSS6.8AI score0.01707EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/15 5:15 p.m.36 views

CVE-2023-34455 snappy-java's unchecked chunk length leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS7.7AI score0.01762EPSS
Exploits1References5
Prion
Prion
added 2023/06/15 5:15 p.m.26 views

Integer overflow

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...

5CVSS7.5AI score0.01707EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/06/15 5:15 p.m.29 views

CVE-2023-34455 snappy-java's unchecked chunk length leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS6.7AI score0.01762EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/06/15 4:28 p.m.47 views

snappy-java's Integer Overflow vulnerability in compress leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing an unrecoverable fatal error. Impact Denial of Service Description The function compresschar...

7.5CVSS7AI score0.01469EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/06/15 4:27 p.m.25 views

CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compresschar input in the file Snappy.java receives an array of characters and compresses it. I...

5.9CVSS6.8AI score0.01469EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.4 views

Snappy 输入验证错误漏洞

Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy An input validation error vulnerability exists in versions prior to snappy-java 1.1.10.1, which stems from an unchecked multiplication operation th...

7.5CVSS6.9AI score0.01762EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2023/05/18 12:39 a.m.8 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/16 8:57 a.m.8 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/16 8:52 a.m.2 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.25 views

CentOS 8 : grafana-pcp (CESA-2023:2785)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:2785 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if...

7.5CVSS6.9AI score0.02607EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/05/09 10:11 a.m.5 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
Rows per page
Query Builder