Bug 2215445 (CVE-2023-34455)
Summary: | CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adupliak, aileenc, alampare, alazarot, anstephe, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, dsimansk, emingora, eric.wittmann, fjuma, fmongiar, gjospin, gmalinko, gsmet, hhorak, ibek, ivassile, iweiss, janstey, jcantril, jmartisk, jnethert, jorton, jpechane, jpoth, jrokos, jross, jscholz, kverlaen, lbacciot, lball, lgao, lthon, matzew, max.andersen, mizdebsk, mnovotny, mosmerov, msochure, mstefank, msvehla, nwallace, pantinor, pdelbell, peholase, periklis, pgallagh, pjindal, pmackay, probinso, rguimara, rhuss, rkieley, rruss, rstancel, rsvoboda, saroy, sbiarozk, sdouglas, skontopo, smaestri, swoodman, tcunning, tom.jenkinson, tqvarnst, yfang |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | snappy-java 1.1.10.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2215448, 2215449, 2216107 | ||
Bug Blocks: | 2215395 |
Description
Sandipan Roy
2023-06-16 04:10:26 UTC
This issue has been addressed in the following products: RHINT Camel-Springboot 3.18.3.2 Via RHSA-2023:5147 https://access.redhat.com/errata/RHSA-2023:5147 This issue has been addressed in the following products: RHINT Camel-Springboot 3.20.2 Via RHSA-2023:5148 https://access.redhat.com/errata/RHSA-2023:5148 This issue has been addressed in the following products: Red Hat AMQ Streams 2.5.0 Via RHSA-2023:5165 https://access.redhat.com/errata/RHSA-2023:5165 This issue has been addressed in the following products: RHINT Service Registry 2.5.4 GA Via RHSA-2023:7653 https://access.redhat.com/errata/RHSA-2023:7653 This issue has been addressed in the following products: Red Hat build of Quarkus 2.13.9 Via RHSA-2023:7700 https://access.redhat.com/errata/RHSA-2023:7700 This issue has been addressed in the following products: Red Hat Integration Via RHSA-2023:7705 https://access.redhat.com/errata/RHSA-2023:7705 This issue has been addressed in the following products: RHINT Camel-K 1.10.5 Via RHSA-2024:0148 https://access.redhat.com/errata/RHSA-2024:0148 |