CVE-2023-34453

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34453
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34453.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34453
Aliases
Downstream
Related
Published
2023-06-15T16:12:34Z
Modified
2025-10-22T18:39:10.195649Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
Details

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.

The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle to it. It does so by multiplying the array length by 4 and passing the result to the natively compiled shuffle function. Because the length is never checked, the multiplication by four can overflow the int, producing a value smaller than the true size, or even zero or negative. For a negative value, a java.lang.NegativeArraySizeException is raised, which can crash the program. For a value that is zero or too small, the code that later references the shuffled array assumes a larger array than was allocated, which can cause exceptions such as java.lang.ArrayIndexOutOfBoundsException.

The same issue also exists in the shuffle functions that receive double, float, long and short arrays; each uses a different multiplier, and each can overflow in the same way.

Version 1.1.10.1 contains a patch for this vulnerability.
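The length arithmetic the advisory describes, as an added illustration that is not snappy-java's own code: `uncheckedByteLength` reproduces the silent int wrap that mis-sizes the buffer, and `checkedByteLength` shows the kind of guard that rejects such inputs before anything is allocated. The class and method names and the `IllegalArgumentException` are assumptions of this example, not the library's API.

```java
/**
 * Added illustration (not snappy-java's own code) of the length arithmetic
 * behind CVE-2023-34453. A shuffle over N elements needs N * elementSize
 * bytes; a plain Java int multiply wraps silently once that exceeds
 * Integer.MAX_VALUE, so a buffer sized from it is negative, zero or too small.
 */
public final class ShuffleLengthCheck {
    // Bytes per element for the array types the advisory names.
    public static final int SHORT_BYTES = 2, INT_BYTES = 4, FLOAT_BYTES = 4,
                            LONG_BYTES = 8, DOUBLE_BYTES = 8;

    /** Vulnerable pattern: unchecked multiply, wraps on overflow. */
    public static int uncheckedByteLength(int elementCount, int elementSize) {
        return elementCount * elementSize;
    }

    /**
     * Guarded pattern: refuse any count whose byte length does not fit in an
     * int before anything is allocated or passed to native code.
     * Math.multiplyExact throws ArithmeticException on overflow.
     */
    public static int checkedByteLength(int elementCount, int elementSize) {
        if (elementCount < 0) {
            throw new IllegalArgumentException("negative element count: " + elementCount);
        }
        try {
            return Math.multiplyExact(elementCount, elementSize);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException("input too large to shuffle: " + elementCount
                    + " elements x " + elementSize + " bytes exceeds Integer.MAX_VALUE", e);
        }
    }

    public static void main(String[] args) {
        // Constructed int[] lengths: the largest safe one, then one each that
        // wraps to a negative value, to zero, and to a small positive value.
        int[] counts = { (1 << 29) - 1, 1 << 29, 1 << 30, (1 << 30) + 5 };
        for (int n : counts) {
            String verdict;
            try {
                verdict = "accepted (" + checkedByteLength(n, INT_BYTES) + " bytes)";
            } catch (IllegalArgumentException e) {
                verdict = "rejected: " + e.getMessage();
            }
            System.out.printf("length=%d  unchecked*4=%d  %s%n",
                    n, uncheckedByteLength(n, INT_BYTES), verdict);
        }
    }
}
```

Only the lengths are computed here, so the demo runs without allocating gigabyte-sized arrays; the same guard applies with SHORT_BYTES, LONG_BYTES or DOUBLE_BYTES for the other shuffle overloads.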

Database specific
{
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / github.com/xerial/snappy-java

Affected ranges

Type
GIT
Repo
https://github.com/xerial/snappy-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.5
1.0.5-M2
1.0.5-M3
1.0.5-M4
1.1.0
1.1.0-M1
1.1.0-M2
1.1.0-M3
1.1.0-M4
1.1.1
1.1.1-M2
1.1.1-M3
1.1.1-M4
1.1.1.2
1.1.1.3
1.1.1.4
1.1.1.5
1.1.1.6
1.1.1.7
1.1.2
1.1.2-M1
1.1.2-RC1
1.1.2-RC2
1.1.2-RC3
1.1.2.5
1.1.3-M1
1.1.3-M2
1.1.4
1.1.4-M1
1.1.4-M2
1.1.4-M3
1.1.7
1.1.7.1
1.1.7.2
1.1.7.3
1.1.7.4
1.1.7.5
1.1.7.6
1.1.7.7
1.1.7.8
1.1.8
1.1.8.1
1.1.8.2
1.1.8.3
1.1.8.4

snappy-java-1.*

snappy-java-1.0.1-rc1
snappy-java-1.0.1-rc2
snappy-java-1.0.1-rc3
snappy-java-1.0.1-rc4
snappy-java-1.0.3
snappy-java-1.0.3-rc1
snappy-java-1.0.3-rc2
snappy-java-1.0.3-rc3
snappy-java-1.0.3-rc4
snappy-java-1.0.3.1
snappy-java-1.0.3.2
snappy-java-1.0.3.3
snappy-java-1.0.4
snappy-java-1.0.4.1

v1.*

v1.1.10.0
v1.1.2-M1
v1.1.9.0
v1.1.9.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeFloatArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-592080d3",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "305806183518270641982183783563680953015"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeShortArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-5a878089",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "197601775410030034425030989621733157535"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeIntArrayInputLengthForBitShuffleShuffle",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-63df3fd6",
        "signature_type": "Function",
        "digest": {
            "length": 112.0,
            "function_hash": "204471860700078750244256335571282342429"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeLongArrayInputLengthForBitShuffleShuffle",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-6cfba378",
        "signature_type": "Function",
        "digest": {
            "length": 112.0,
            "function_hash": "115694192477457560882035332182505764005"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeDoubleArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-7ccf9ef9",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "246469542818760304691132520761796565410"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeLongArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-7dfb9654",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "246469542818760304691132520761796565410"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeDoubleArrayInputLengthForBitShuffleShuffle",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-87382306",
        "signature_type": "Function",
        "digest": {
            "length": 112.0,
            "function_hash": "115694192477457560882035332182505764005"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeFloatArrayInputLengthForBitShuffleShuffle",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-93cdd4ec",
        "signature_type": "Function",
        "digest": {
            "length": 112.0,
            "function_hash": "204471860700078750244256335571282342429"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeIntArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-adcce448",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "305806183518270641982183783563680953015"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeCharArrayInputLength",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-dc129d73",
        "signature_type": "Function",
        "digest": {
            "length": 108.0,
            "function_hash": "197601775410030034425030989621733157535"
        }
    },
    {
        "source": "https://github.com/xerial/snappy-java/commit/737f3973ff392c351da2744820a23a0521c6cc77",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isTooLargeShortArrayInputLengthForBitShuffleShuffle",
            "file": "src/test/java/org/xerial/snappy/SnappyTest.java"
        },
        "id": "CVE-2023-34453-f97fdafb",
        "signature_type": "Function",
        "digest": {
            "length": 112.0,
            "function_hash": "194152565227331479732749147694718474634"
        }
    }
]