cvedb.io
CVE-2023-34453
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2023-06-15T17:15:09.790 · Last modified 2026-06-17T06:03:41.027

Summary

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle to it. It does so by multiplying the length by 4 and passing the result to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can overflow and yield a value smaller than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` is raised, which can crash the program. In the case of a value that is zero or too small, the code that afterwards references the shuffled array will a
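The wrap-around described in the summary, shown as an added example that is not snappy-java's code: it computes the 32-bit byte length for several constructed element counts and contrasts it with a checked multiplication. The class and method names are hypothetical, and the checked form is one way to test the length, not necessarily the change made in 1.1.10.1.

```java
// Added illustration; class and method names are hypothetical, not snappy-java's API.
public class ShuffleLengthOverflow {

    // Unchecked form described in the summary: element count times 4 in 32-bit int arithmetic.
    static int uncheckedByteLength(int elementCount) {
        return elementCount * 4; // silently wraps past Integer.MAX_VALUE
    }

    // Checked form: Math.multiplyExact throws ArithmeticException instead of wrapping.
    static int checkedByteLength(int elementCount) {
        if (elementCount < 0) {
            throw new IllegalArgumentException("negative element count");
        }
        try {
            return Math.multiplyExact(elementCount, 4);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException(
                "input of " + elementCount + " ints exceeds the maximum byte length", e);
        }
    }

    public static void main(String[] args) {
        // Constructed element counts; no arrays of this size are allocated.
        int[] counts = { 1024, 0x1FFFFFFF, 0x20000000, 0x40000000, 0x40000001 };
        for (int n : counts) {
            long trueBytes = 4L * n;           // 64-bit reference value
            int wrapped = uncheckedByteLength(n);
            String outcome;
            if (wrapped < 0) {
                outcome = "negative: allocation would throw NegativeArraySizeException";
            } else if (wrapped != trueBytes) {
                outcome = "zero or smaller than the true size";
            } else {
                outcome = "correct";
            }
            String checked;
            try {
                checked = Integer.toString(checkedByteLength(n));
            } catch (IllegalArgumentException e) {
                checked = "rejected";
            }
            System.out.printf("count=%d true=%d unchecked=%d (%s) checked=%s%n",
                    n, trueBytes, wrapped, outcome, checked);
        }
    }
}
```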

Affected products

xerial — snappy-java

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.