Vulnerability	Vulnerable Version
H Out-of-bounds Read Affected versions of this package are vulnerable to Out-of-bounds Read via the decompression process due to improper input length validation in the functions `SnappyRawDecompressor.readUncompressedLengt`, `SnappyRawDecompressor.uncompressAll`, `ZstdFrameDecompressor.decompress`, `Lz4RawDecompressor.decompress` and `LzoRawDecompressor.decompress`. By exploiting this vulnerability, an attacker can crash the JVM or leak sensitive information by decompressing specially crafted data from untrusted sources. How to fix Out-of-bounds Read? Upgrade `io.airlift:aircompressor` to version 0.27 or higher.	[,0.27)

Out-of-bounds Read

Affected versions of this package are vulnerable to Out-of-bounds Read via the decompression process due to improper input length validation in the functions SnappyRawDecompressor.readUncompressedLengt, SnappyRawDecompressor.uncompressAll, ZstdFrameDecompressor.decompress, Lz4RawDecompressor.decompress and LzoRawDecompressor.decompress.

By exploiting this vulnerability, an attacker can crash the JVM or leak sensitive information by decompressing specially crafted data from untrusted sources.

How to fix Out-of-bounds Read?

Upgrade io.airlift:aircompressor to version 0.27 or higher.

[,0.27)

Go back to all versions of this package