Showing 1 - 3 of 3

CVE-2023-34455

Status Candidate

Overview

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue.

Related Files

Red Hat Security Advisory 2023-5165-01: Posted Sep 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.; tags | advisory, denial of service, overflow, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2021-37136, CVE-2021-37137, CVE-2022-1471, CVE-2022-24823, CVE-2022-36944, CVE-2023-0482, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-33201, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462; SHA-256 | c7bacd29d694aaaaf457349ec19016b4d130ffc214bfce870fe209e62bdbdd3c; Download | Favorite | View

Red Hat Security Advisory 2023-5148-01: Posted Sep 14, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5148-01 - Red Hat Integration Camel for Spring Boot 3.20.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass and denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2023-20873, CVE-2023-34455; SHA-256 | b0954fc421046b904362a64bc1355a62d0f65f3a440cff6f4d97de9a4d265f11; Download | Favorite | View

Red Hat Security Advisory 2023-5147-01: Posted Sep 14, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5147-01 - A security update for Camel for Spring Boot 3.18.3.2 is now available. Issues addressed include bypass and denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2021-46877, CVE-2023-20873, CVE-2023-33201, CVE-2023-34455; SHA-256 | 66396fdb7f1a3317d1bdabc7a31a25d0e1214a43a1cc54712ba36d28fdcd5a64; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 266 files
Ubuntu 54 files
Debian 23 files
Gentoo 17 files
Ahmet Umit Bayram 10 files
Apple 9 files
malvuln 7 files
Jann Horn 5 files
Google Security Research 5 files
nu11secur1ty 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,051)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,873)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,976)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,535)
UNIX (9,409)
UnixWare (187)
Windows (6,660)
Other

CVE-2023-34455

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems