Vulnerability Information
Vulnerability Title
iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash
Vulnerability Description
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed, and this has security consequences similar to out-of-bounds access in C or C++: it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is no longer actively maintained. As a quick fix, users can upgrade to version 0.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Out-of-bounds Read
Vulnerability Title
Snappy Security Vulnerability
Vulnerability Description
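Snappy is a PHP library by the individual developer KNP Labs that allows generating thumbnails, snapshots, or PDFs from a URL or an HTML page. Versions of Snappy before 0.5 contain a security vulnerability that stems from the application reading out of bounds when decompressing data, causing a JVM crash.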
CVSS Information
N/A
Vulnerability Type
N/A