Summary
Snappy Java vulnerability introduced in version 0.10.4
Details
CVE: CVE-2023-34453 and CVE-2023-34454
Invalid length checking during compression can cause an integer overflow, which results in an error. This can cause a denial of service on a vulnerable component.
PoC
Installed version: Snappy Java 1.1.7.3
Fix: 1.1.10.1
Impact
It is unlikely that this is exploitable in DataHub for these versions, as we do not utilize Snappy compression. If, however, an instance has configured its Kafka settings to use it, the instance could be vulnerable to this DoS.
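To check whether a given instance falls into the exposed case described above, the following added example (not DataHub's or snappy-java's own code) classifies a deployment from its jar list and Kafka settings. It assumes jars are named `snappy-java-<version>.jar`, that the Kafka settings are available as properties-style text using the `compression.type` key, and that every release below 1.1.10.1 needs the upgrade; the sample input is constructed.

```python
import re

FIXED = (1, 1, 10, 1)  # fixed snappy-java release named in the advisory
JAR_RE = re.compile(r"snappy-java-(\d+(?:\.\d+)*)\.jar$")


def is_vulnerable(version):
    """True if version sorts below the fixed release (assumption: all older releases need the upgrade)."""
    # Compare numerically: as strings, "1.1.7.3" would sort after "1.1.10.1".
    parts = tuple(int(p) for p in version.split("."))
    width = max(len(parts), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(parts) < pad(FIXED)


def snappy_enabled(properties_text):
    """True if any compression.type key (optionally prefixed) is set to snappy."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "compression.type" or key.endswith(".compression.type"):
            if value.strip().lower() == "snappy":
                return True
    return False


def assess(jar_names, properties_text):
    """Return 'ok', 'upgrade' (old jar, snappy unused) or 'exposed' (old jar, snappy in use)."""
    old = [m.group(1) for n in jar_names
           if (m := JAR_RE.search(n)) and is_vulnerable(m.group(1))]
    if not old:
        return "ok"
    return "exposed" if snappy_enabled(properties_text) else "upgrade"


# Constructed sample input, not taken from a real deployment.
SAMPLE_JARS = ["kafka-clients-3.4.0.jar", "snappy-java-1.1.7.3.jar"]
SAMPLE_PROPS = "bootstrap.servers=broker:9092\n# compression.type=none\ncompression.type = snappy\n"

if __name__ == "__main__":
    print(assess(SAMPLE_JARS, SAMPLE_PROPS))
```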