VDB
RHSA-2024%3A6893
RHSA-2024%3A6893
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial of service.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat AMQ Broker 7 |
Timeline
- Sep 19, 2024 CVE Published
- Apr 30, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:6893 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.12.0 advisory
- https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.12 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2215214 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2215445 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6893.json advisory
- https://access.redhat.com/security/cve/CVE-2023-34455 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-34455 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-34455 advisory
- https://access.redhat.com/security/cve/CVE-2023-35116 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-35116 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-35116 advisory