Lucene search
+L

387 matches found

osv
osv
added 2023/06/15 4:27 p.m.26 views

CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compresschar input in the file Snappy.java receives an array of characters and compresses it. I...

5.9CVSS6.8AI score0.01469EPSS
Exploits0References7
github
github
added 2023/06/15 4:13 p.m.47 views

snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...

7.5CVSS7.2AI score0.01707EPSS
Exploits1References6Affected Software1
vulnersosv
vulnersosv
added 2023/06/15 4:13 p.m.11 views

ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +4251 more potentially affected by CVE-2023-34453 via org.xerial.snappy:snappy-java (>=1.0.1-rc3 <=1.1.10.0)

org.xerial.snappy:snappy-java MAVEN version =1.0.1-rc3, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.6.1, =0.17.0, =0.13.0, =0.14.0 and more Source cves: CVE-2023-34453 Source advisory: OSV:GHSA-PQR6-CMR2-H8HF...

7.5CVSS6.8AI score0.01707EPSS
Exploits1
osv
osv
added 2023/06/15 4:13 p.m.5 views

GHSA-PQR6-CMR2-H8HF snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...

5.9CVSS6.9AI score0.01707EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2023/06/15 4:12 p.m.13 views

CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...

5.9CVSS7AI score0.01707EPSS
Exploits1References4
cve
cve
added 2023/06/15 4:12 p.m.405 views

CVE-2023-34453

CVE-2023-34453 affects snappy-java (Java port of Snappy). The vulnerability stems from unchecked multiplications in BitShuffle.java (shuffle variants for int, double, float, long, short), where length×multiplier can overflow, producing negative or zero values. This can trigger NegativeArraySizeEx...

7.5CVSS6.7AI score0.01707EPSS
Exploits1References4Affected Software1
osv
osv
added 2023/06/15 4:12 p.m.33 views

CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...

5.9CVSS7.1AI score0.01707EPSS
Exploits1References6
cvelist
cvelist
added 2023/06/15 4:12 p.m.34 views

CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...

5.9CVSS7.9AI score0.01707EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/06/15 12:0 a.m.3 views

snappy-java 输入验证错误漏洞

snappy-java is the java port of snappy, a compression program by Taro L. Saito Personal Developer. An input validation error vulnerability exists in versions of snappy-java prior to 1.1.10.1, which stems from an unchecked multiplication operation that could result in an integer overflow leading t...

7.5CVSS7.1AI score0.01707EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2023/06/15 12:0 a.m.5 views

PT-2023-4869

Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the compresschar input function of the snappy-java library, which can cause an unrecoverable fatal error. This occurs when the length of the inpu...

7.8CVSS6.8AI score0.01469EPSS
Exploits0References218
cnnvd
cnnvd
added 2023/06/15 12:0 a.m.4 views

snappy-java 输入验证错误漏洞

snappy-java is the java port of snappy, a compression program by Taro L. Saito Personal Developer. An input validation error vulnerability exists in versions of snappy-java prior to 1.1.10.1, which stems from an unchecked multiplication operation that could result in an integer overflow leading t...

7.5CVSS6.9AI score0.01469EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2023/06/15 12:0 a.m.5 views

PT-2023-4870

Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to the use of an unchecked chunk length in the hasNextChunk function of the SnappyInputStream class, which can lead to an unrecoverable fatal error. This error occurs when...

7.8CVSS6.8AI score0.01762EPSS
Exploits1References216
cnnvd
cnnvd
added 2023/06/15 12:0 a.m.4 views

Snappy 输入验证错误漏洞

Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy An input validation error vulnerability exists in versions prior to snappy-java 1.1.10.1, which stems from an unchecked multiplication operation th...

7.5CVSS6.9AI score0.01762EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2023/06/15 12:0 a.m.16 views

PT-2023-4871

Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the shuffleint input function in the file BitShuffle.java, which can cause a fatal error. This function applies a bit shuffle to an array of...

9.1CVSS6.9AI score0.01707EPSS
Exploits2References213
bdu_fstec
bdu_fstec
added 2023/04/10 12:0 a.m.11 views

The vulnerability of the generateFromHtml() function in the PHP Snappy library allows a hacker to execute arbitrary code.

The vulnerability of the generateFromHtml function in the PHP Snappy library is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.0276EPSS
Exploits1References8Affected Software2
nvd
nvd
added 2023/03/27 9:15 p.m.38 views

CVE-2023-28638

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7CVSS7AI score0.00553EPSS
Exploits0References2
cvelist
cvelist
added 2023/03/27 8:43 p.m.41 views

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7CVSS7.2AI score0.00553EPSS
Exploits0References2
veracode
veracode
added 2023/03/23 12:53 a.m.64 views

Remote Code Execution (RCE)

knplabs/knp-snappy is vulnerable to Remote Code Execution RCE. The vulnerability is due to the library not checking the file type during upload, which allows an attacker to upload a phar:// file which will be deserialized during the fileexists function because it fails to check the file type,...

9.8CVSS9.4AI score0.0276EPSS
Exploits1References7Affected Software1
nvd
nvd
added 2023/03/17 10:15 p.m.16 views

CVE-2023-28115

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any...

9.8CVSS9.9AI score0.0276EPSS
Exploits1References6
osv
osv
added 2023/03/17 10:15 p.m.1 views

DEBIAN-CVE-2023-28115

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any...

9.8CVSS9.5AI score0.0276EPSS
Exploits1References1
Rows per page
Query Builder