cvedb.io
CVE-2023-28638
HIGH · CVSS 7
EPSS exploitation probability: 0%
Published 2023-03-27T21:15:12.603 · Last modified 2026-06-17T05:48:26.773

Summary

Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and reduces workload on the garbage collector. However, when the garbage collector performs compaction and rearranges memory, it must update any byte references on the stack to refer to the updated location. The .NET garbage collector can only update these byte references if they still point within the buffer or to a point one byte past the end of the buffer. If they point outside this area, the buffer itself may be moved while the byte reference stays the same. There are

Affected products

snappier_project — snappier

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.