Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-34453
HistoryJun 15, 2023 - 12:00 a.m.

CVE-2023-34453

2023-06-1500:00:00
ubuntu.com
ubuntu.com
35
snappy-java
integer overflow
bitshuffle
vulnerability
java
multiplication
fatal error

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.6%

snappy-java is a fast compressor/decompressor for Java. Due to unchecked
multiplications, an integer overflow may occur in versions prior to
1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the
file BitShuffle.java receives an array of integers and applies a bit
shuffle on it. It does so by multiplying the length by 4 and passing it to
the natively compiled shuffle function. Since the length is not tested, the
multiplication by four can cause an integer overflow and become a smaller
value than the true size, or even zero or negative. In the case of a
negative value, a java.lang.NegativeArraySizeException exception will
raise, which can crash the program. In a case of a value that is zero or
too small, the code that afterwards references the shuffled array will
assume a bigger size of the array, which might cause exceptions such as
java.lang.ArrayIndexOutOfBoundsException. The same issue exists also when
using the shuffle functions that receive a double, float, long and short,
each using a different multiplier that may cause the same issue. Version
1.1.10.1 contains a patch for this vulnerability.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.6%