Lucene search

K
XerialSnappy-java

5 matches found

CVE
CVE
added 2023/06/15 6:15 p.m.806 views

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does th...

7.5CVSS6.5AI score0.00447EPSS
CVE
CVE
added 2023/09/25 8:15 p.m.479 views

CVE-2023-43642

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...

7.5CVSS7.4AI score0.00073EPSS
CVE
CVE
added 2023/06/15 5:15 p.m.305 views

CVE-2023-34453

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. ...

7.5CVSS6.7AI score0.00796EPSS
CVE
CVE
added 2023/06/15 5:15 p.m.301 views

CVE-2023-34454

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses it....

7.5CVSS7.4AI score0.00201EPSS
CVE
CVE
added 2024/06/03 3:15 p.m.212 views

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar security...

5.3CVSS5.1AI score0.0018EPSS