Veracode Vulnerability Database: VERACODE:47264
History: May 30, 2024 - 6:07 a.m.

Denial Of Service (DoS) / Information Disclosure

2024-05-30 06:07:00
sca.analysiscenter.veracode.com

Tags: aircompressor, vulnerability, memory bounds checking, dos, information disclosure, java virtual machine, sensitive information

CVSS3: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 7
Confidence: High

EPSS: 0
Percentile: 15.5%

io.airlift:aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory access, potentially resulting in a Java Virtual Machine (JVM) crash or the exposure of sensitive information.
