Astra Linux – Vulnerability in snappy-java

Snappy-Java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. It was found that the SnappyInputStream is vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to a lack of a upper bound check on the chunk length, a...

ROOT-APP-MAVEN-CVE-2023-34454 CVE-2023-34454 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34454 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-34455 CVE-2023-34455 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34455 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-43642 CVE-2023-43642 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-43642 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-34453 CVE-2023-34453 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34453 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java

Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...

EUVD-2023-1867

Malicious code in bioql PyPI...

EUVD-2023-1784

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-34453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...

Security Bulletin: InfoSphere Data Replication is affected by a Snappy-Java vulnerability (CVE-2023-43642)

Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk...

Linux Distros Unpatched Vulnerability : CVE-2023-34455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to...

Linux Distros Unpatched Vulnerability : CVE-2023-34454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a...

Linux Distros Unpatched Vulnerability : CVE-2023-43642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of...

snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'

In snappy-java the stream chunk processing implementation uses a user controlled value to define the size of an allocated array. A remote attacker may abuse this by creating a crafted input stream that causes an extremely large array to be allocated, or a negative array size to be used. Both case...

Security Bulletin: InfoSphere Data Replication is affected by Snappy-Java vulnerabilities

Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle...

Security Bulletin:Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request,...

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sending a...

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request,...