snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'

In snappy-java the stream chunk processing implementation uses a user controlled value to define the size of an allocated array. A remote attacker may abuse this by creating a crafted input stream that causes an extremely large array to be allocated, or a negative array size to be used. Both case...

Denial Of Service (DoS)

snappy-java is vulnerable to Denial Of Service DoS. The vulnerability exists because the hasNextChunk function of SnappyInputStream.java does not properly check for negative chunk sizes and huge positive values such as 0x7FFFFFFF, which leads to java.lang.NegativeArraySizeException and...

Design/Logic Flaw

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

CVE-2023-34455 snappy-java's unchecked chunk length leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...