Lucene search
Veracode Vulnerability DatabaseVERACODE:40946HistoryJun 20, 2023 - 2:40 a.m.
Integer Overflow
2023-06-2002:40:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.001 Low
EPSS
Percentile
22.3%
snappy-java is vulnerable to Integer Overflow. The vulnerability exists because the shuffle functions of BitShuffle.java does not properly check multiplication results if its zero, too small or a negative value or not which cause java.lang.NegativeArraySizeException and java.lang.ArrayIndexOutOfBoundsException exceptions, leading to an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snappy-java | eq | 1.1.3-M1 | |
| snappy-java | le | 1.1.10.0 | |
| snappy-java | eq | 1.1.3-M1 | |
| snappy-java | le | 1.1.10.0 |
References
github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107
github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java
github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905
github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
Related
atlassian
atlassian
ibm
ibm
cve
cve
CVE-2023-34453
2023-06-15 17:15:09
osv
osv
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
2023-06-15 16:13:20
CVE-2023-34453
2023-06-15 17:15:09
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-34453
2023-06-15 00:00:00
prion
prion
Integer overflow
2023-06-15 17:15:00
github
github
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
2023-06-15 16:13:20
redhatcve
redhatcve
CVE-2023-34453
2023-08-08 16:49:21
redhat
redhat
nessus
nessus
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00