126 matches found
Astra Linux - уязвимость в snappy-java
Snappy-Java is a Java port of the snappy, a fast C++ compressor/ decompressor developed by Google. It was found that the SnappyInputStream is vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to a lack of a upper bound check on the chunk length, ...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java
Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...
EUVD-2023-1867
Malicious code in bioql PyPI...
EUVD-2023-1784
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-34453
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...
Security Bulletin: InfoSphere Data Replication is affected by a Snappy-Java vulnerability (CVE-2023-43642)
Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk...
Linux Distros Unpatched Vulnerability : CVE-2023-34454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a...
Linux Distros Unpatched Vulnerability : CVE-2023-43642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of...
Linux Distros Unpatched Vulnerability : CVE-2023-34455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to...
snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'
In snappy-java the stream chunk processing implementation uses a user controlled value to define the size of an allocated array. A remote attacker may abuse this by creating a crafted input stream that causes an extremely large array to be allocated, or a negative array size to be used. Both case...
Security Bulletin: InfoSphere Data Replication is affected by Snappy-Java vulnerabilities
Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle...
Security Bulletin:Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request,...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sending a...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request,...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 283 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorre...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary Snappy-java is vulnerable to denial of service attacks cause by integer overflows and unchecked chunk lengths. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the...