CVE-2024-36124
Published: March 6, 2024
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.
MEDIUM
CVSS v3: 5.3
CVSS v3: 5.3
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.4 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.4.0 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.3 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.2.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.2 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 24.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 23.3 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 23.2.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 23.2 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 23.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 22.4 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 22.3 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 22.2 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 22.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.11.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.11 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.8.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.8 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.5.1 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.5.0 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 21.2.0 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.20 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.19.3667 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.18.3599 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.17 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.16.3445 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.15.3368 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.14.3263 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.13.3179 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.12.3054 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.11.3040 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.11.2990 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.10.2934 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.9.2878 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
| 11.4.8.2822 | snappy (1.1.3) | False Positive | Code Not Present | Unknown vendors ‘dain’ |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
LOW
Base Score
5.3
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version
3.1