We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-36124

iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash



Description

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.

Reserved 2024-05-20 | Published 2024-06-03 | Updated 2024-09-05 | Assigner GitHub_M


MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-125: Out-of-bounds Read

Product status

< 0.5
affected

References

github.com/...snappy/security/advisories/GHSA-8wh2-6qhj-h7j9

cve.org (CVE-2024-36124)

nvd.nist.gov (CVE-2024-36124)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-36124

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.

© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.