CVE-2023-34453

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-34453
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34453.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34453
Aliases
Downstream
Related
Published
2023-06-15T16:12:34.119Z
Modified
2026-04-10T04:59:02.990537Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
Details

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.

The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a java.lang.NegativeArraySizeException exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as java.lang.ArrayIndexOutOfBoundsException.

The same issue exists also when using the shuffle functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.

Version 1.1.10.1 contains a patch for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34453.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/xerial/snappy-java

Affected ranges

Type
GIT
Repo
https://github.com/xerial/snappy-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
737f3973ff392c351da2744820a23a0521c6cc77

Affected versions

1.*
1.0.5-M4
1.1.0
1.1.0-M1
1.1.0-M3
1.1.2.5
1.1.3-M1
1.1.3-M2
1.1.4
1.1.4-M1
1.1.4-M2
1.1.4-M3
1.1.7
1.1.7.1
1.1.7.2
1.1.7.3
1.1.7.4
1.1.7.5
1.1.7.6
1.1.7.7
1.1.7.8
1.1.8
1.1.8.1
1.1.8.2
1.1.8.3
1.1.8.4
snappy-java-1.*
snappy-java-1.0.1-rc1
snappy-java-1.0.1-rc2
snappy-java-1.0.1-rc3
snappy-java-1.0.1-rc4
snappy-java-1.0.3
snappy-java-1.0.3-rc1
snappy-java-1.0.3-rc2
snappy-java-1.0.3-rc3
snappy-java-1.0.3-rc4
snappy-java-1.0.3.1
snappy-java-1.0.3.2
snappy-java-1.0.3.3
snappy-java-1.0.4
snappy-java-1.0.4.1
v1.*
v1.1.10.0
v1.1.9.0
v1.1.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34453.json"