Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5...
Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...
Security Bulletin: IBM Security Verify Information Queue has a third-party library vulnerability (CVE-2023-43642)
Summary IBM Security Verify Information Queue ISIQ v10.0.7 has upgraded its Apache Kafka client to remediate a vulnerability in the snappy-java compression library. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper...
Security Bulletin: Vulnerabilities in snappy-java, Python, postgresql, Golang might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in snappy-java, Python, PostgreSQL, and Golang Go. Vulnerabilities include causing a denial of service condition, causing a CPU denial of service condition, gaining access to the server's resources without being...
(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)
A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available and updates it to RHBQ 2.13.9.Final. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Security Bulletin: Snappy-java is vulnerable to CVE-2023-43642 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses snappy-java which is vulnerable to CVE-2023-43642. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, cause...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.9 release and security update
A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in snappy-java (CVE-2023-43642)
Summary snappy-java, a Java port of the Snappy compression library used within IBM Operator for Apache Flink, is vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities
Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 resolves vulnerabilities reported in the Node.js August 2023 Security Releases as well as vulnerabilities in Apache POI, Apache Shiro, Apache Commons Net, Apache Commons Codec, Eclipse Jetty, Netty, Python and Snappy-Java. Please refer to t...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in snappy-java (CVE-2023-43642)
Summary A vulnerability in snappy-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java
Summary Multiple vulnerabilities in snappy-java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sendi...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java (CVE-2023-43642)
Summary snappy-java, used by the IBM App Connect Enterprise and IBM Integration Bus Kafka nodes, is affected by CVE-2023-43642. Vulnerability Details CVEID: CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list...
Denial Of Service (DoS)
Snappy-Java is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of a maximum chunk length check, allowing an attacker to decompress data with a chunk size that is too large to process, resulting in Denial of Service...
Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)
Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...
Security Bulletin: IBM Maximo Asset Management is affected by multiple vulnerabilities (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453) in snappy-java.
Summary IBM Maximo Asset Management is affected by multiple vulnerabilities CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 in snappy-java. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in th...