CVE-2023-34453 : snappy-java is a fast compressor/decompressor for Java. Due to unchecked multipl

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.

Published 2023-06-15 17:15:10

Updated 2023-06-27 15:59:58

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2023-34453

Xerial » Snappy-java
Versions before (<) 1.1.10.1
cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-34453

EPSS FAQ

0.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-34453

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-34453

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-34453

https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java

snappy-java/src/main/java/org/xerial/snappy/BitShuffle.java at master · xerial/snappy-java · GitHub
Issue Tracking
https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905

Merge pull request from GHSA-pqr6-cmr2-h8hf · xerial/snappy-java@820e2e0 · GitHub
Patch
https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf

Integer overflow in shuffle leads to DoS · Advisory · xerial/snappy-java · GitHub
Exploit;Vendor Advisory
https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107

snappy-java/src/main/java/org/xerial/snappy/BitShuffle.java at 05c39b2ca9b5b7b39611529cc302d3d796329611 · xerial/snappy-java · GitHub
Issue Tracking

Jump to

Vulnerability Details : CVE-2023-34453

Products affected by CVE-2023-34453

Exploit prediction scoring system (EPSS) score for CVE-2023-34453

CVSS scores for CVE-2023-34453

CWE ids for CVE-2023-34453

References for CVE-2023-34453