387 matches found
CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compresschar input in the file Snappy.java receives an array of characters and compresses it. I...
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...
ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +4251 more potentially affected by CVE-2023-34453 via org.xerial.snappy:snappy-java (>=1.0.1-rc3 <=1.1.10.0)
org.xerial.snappy:snappy-java MAVEN version =1.0.1-rc3, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.6.1, =0.17.0, =0.13.0, =0.14.0 and more Source cves: CVE-2023-34453 Source advisory: OSV:GHSA-PQR6-CMR2-H8HF...
GHSA-PQR6-CMR2-H8HF snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
Summary Due to unchecked multiplications, an integer overflow may occur, causing a fatal error. Impact Denial of Service Description The function shuffleint inputhttps://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.javaL107...
CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...
CVE-2023-34453
CVE-2023-34453 affects snappy-java (Java port of Snappy). The vulnerability stems from unchecked multiplications in BitShuffle.java (shuffle variants for int, double, float, long, short), where length×multiplier can overflow, producing negative or zero values. This can trigger NegativeArraySizeEx...
CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...
CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffleint input in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...
snappy-java 输入验证错误漏洞
snappy-java is the java port of snappy, a compression program by Taro L. Saito Personal Developer. An input validation error vulnerability exists in versions of snappy-java prior to 1.1.10.1, which stems from an unchecked multiplication operation that could result in an integer overflow leading t...
PT-2023-4869
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the compresschar input function of the snappy-java library, which can cause an unrecoverable fatal error. This occurs when the length of the inpu...
snappy-java 输入验证错误漏洞
snappy-java is the java port of snappy, a compression program by Taro L. Saito Personal Developer. An input validation error vulnerability exists in versions of snappy-java prior to 1.1.10.1, which stems from an unchecked multiplication operation that could result in an integer overflow leading t...
PT-2023-4870
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to the use of an unchecked chunk length in the hasNextChunk function of the SnappyInputStream class, which can lead to an unrecoverable fatal error. This error occurs when...
Snappy 输入验证错误漏洞
Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy An input validation error vulnerability exists in versions prior to snappy-java 1.1.10.1, which stems from an unchecked multiplication operation th...
PT-2023-4871
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the shuffleint input function in the file BitShuffle.java, which can cause a fatal error. This function applies a bit shuffle to an array of...
The vulnerability of the generateFromHtml() function in the PHP Snappy library allows a hacker to execute arbitrary code.
The vulnerability of the generateFromHtml function in the PHP Snappy library is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
CVE-2023-28638
Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...
CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier
Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...
Remote Code Execution (RCE)
knplabs/knp-snappy is vulnerable to Remote Code Execution RCE. The vulnerability is due to the library not checking the file type during upload, which allows an attacker to upload a phar:// file which will be deserialized during the fileexists function because it fails to check the file type,...
CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any...
DEBIAN-CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any...