OESA-2023-1700

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1700
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1700.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1700
Upstream
Published
2023-09-28T11:06:03Z
Modified
2025-08-12T05:22:27.399235Z
Summary
snappy-java security update
Details

A Java port of the snappy, a fast compresser/decompresser written in C++.

Security Fix(es):

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit 9f8c3cf74 which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.(CVE-2023-43642)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1

snappy-java

Package

Name
snappy-java
Purl
pkg:rpm/openEuler/snappy-java&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2.4-3.oe1

Ecosystem specific 

{
    "src": [
        "snappy-java-1.1.2.4-3.oe1.src.rpm"
    ],
    "noarch": [
        "snappy-java-javadoc-1.1.2.4-3.oe1.noarch.rpm"
    ],
    "x86_64": [
        "snappy-java-1.1.2.4-3.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "snappy-java-1.1.2.4-3.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3

snappy-java

Package

Name
snappy-java
Purl
pkg:rpm/openEuler/snappy-java&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2.4-3.oe1

Ecosystem specific 

{
    "src": [
        "snappy-java-1.1.2.4-3.oe1.src.rpm"
    ],
    "noarch": [
        "snappy-java-javadoc-1.1.2.4-3.oe1.noarch.rpm"
    ],
    "x86_64": [
        "snappy-java-1.1.2.4-3.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "snappy-java-1.1.2.4-3.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS

snappy-java

Package

Name
snappy-java
Purl
pkg:rpm/openEuler/snappy-java&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2.4-3.oe2203sp2

Ecosystem specific 

{
    "src": [
        "snappy-java-1.1.2.4-3.oe2203.src.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp1.src.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp2.src.rpm"
    ],
    "noarch": [
        "snappy-java-javadoc-1.1.2.4-3.oe2203.noarch.rpm",
        "snappy-java-javadoc-1.1.2.4-3.oe2203sp1.noarch.rpm",
        "snappy-java-javadoc-1.1.2.4-3.oe2203sp2.noarch.rpm"
    ],
    "x86_64": [
        "snappy-java-1.1.2.4-3.oe2203.x86_64.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp1.x86_64.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp2.x86_64.rpm"
    ],
    "aarch64": [
        "snappy-java-1.1.2.4-3.oe2203.aarch64.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp1.aarch64.rpm",
        "snappy-java-1.1.2.4-3.oe2203sp2.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1

snappy-java

Package

Name
snappy-java
Purl
pkg:rpm/openEuler/snappy-java&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2.4-3.oe2203sp1

Ecosystem specific 

{
    "src": [
        "snappy-java-1.1.2.4-3.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "snappy-java-javadoc-1.1.2.4-3.oe2203sp1.noarch.rpm"
    ],
    "x86_64": [
        "snappy-java-1.1.2.4-3.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "snappy-java-1.1.2.4-3.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP2

snappy-java

Package

Name
snappy-java
Purl
pkg:rpm/openEuler/snappy-java&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.2.4-3.oe2203sp2

Ecosystem specific 

{
    "src": [
        "snappy-java-1.1.2.4-3.oe2203sp2.src.rpm"
    ],
    "noarch": [
        "snappy-java-javadoc-1.1.2.4-3.oe2203sp2.noarch.rpm"
    ],
    "x86_64": [
        "snappy-java-1.1.2.4-3.oe2203sp2.x86_64.rpm"
    ],
    "aarch64": [
        "snappy-java-1.1.2.4-3.oe2203sp2.aarch64.rpm"
    ]
}