10 matches found
EUVD-2023-1867
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary Snappy-java is vulnerable to a denial of service, caused by either an integer overflow, use of an unchecked chunk length or missing upper bound check on chunk length. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a deni...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list...
CVE-2023-34455
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...
CVE-2023-34455
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...
Design/Logic Flaw
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...
snappy-java's unchecked chunk length leads to DoS
Summary Due to use of an unchecked chunk length, an unrecoverable fatal error can occur. Impact Denial of Service Description The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If i...
CVE-2023-34455 snappy-java's unchecked chunk length leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...
CVE-2023-34455
CVE-2023-34455 concerns snappy-java. The issue arises from an unchecked chunk length in SnappyInputStream.hasNextChunk, which can allocate a negative or excessively large array when handling untrusted input, potentially causing a java.lang.NegativeArraySizeException or java.lang.OutOfMemoryError....
PT-2023-4870
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to the use of an unchecked chunk length in the hasNextChunk function of the SnappyInputStream class, which can lead to an unrecoverable fatal error. This error occurs when...