4 matches found
CVE-2023-34455
CVE-2023-34455 concerns snappy-java. The issue arises from an unchecked chunk length in SnappyInputStream.hasNextChunk, which can allocate a negative or excessively large array when handling untrusted input, potentially causing a java.lang.NegativeArraySizeException or java.lang.OutOfMemoryError....
CVE-2023-43642
CVE-2023-43642 (snappy-java): The SnappyInputStream lacks an upper bound check on chunk length, enabling a DoS with large chunks. All versions up to 1.1.10.3 are vulnerable; a fix was added in commit 9f8c3cf74 and will be included in 1.1.10.4. Affected products/versions are Snappy Java releases ...
CVE-2023-34453
CVE-2023-34453 affects snappy-java (Java port of Snappy). The vulnerability stems from unchecked multiplications in BitShuffle.java (shuffle variants for int, double, float, long, short), where length×multiplier can overflow, producing negative or zero values. This can trigger NegativeArraySizeEx...
CVE-2023-34454
CVE-2023-34454 (snappy-java): Unchecked multiplications when compressing inputs can overflow, causing negative or invalid allocation sizes. The issue affects versions prior to 1.1.10.1 and is triggered by multiplying input length (e.g., by 2 for char[], by 4 for int[]) without validating the len...