CVE-2023-34453
Denial of Service vulnerability in snappy-java (Maven)

Denial of Service | No known exploit

What is CVE-2023-34453 About?

This vulnerability in snappy-java can lead to a denial-of-service condition because unchecked integer multiplications can overflow. The overflow can result in fatal errors such as `NegativeArraySizeException` or `ArrayIndexOutOfBoundsException`. Triggering it is relatively straightforward: the caller only has to provide a large input array.

Affected Software

org.xerial.snappy:snappy-java <1.1.10.1

Technical Details

The vulnerability resides in the shuffle function within `BitShuffle.java` (specifically `shuffle(int[] input)` and similar methods for `double`, `float`, `long`, `short`). This function calculates the size of an output byte array by multiplying the input array's length by a fixed factor (e.g., 4 for `int[]`). If `input.length` is sufficiently large (e.g., `0x40000000` for integers), the multiplication `input.length * 4` can cause an integer overflow. The overflowed result wraps to a smaller positive value, zero, or a negative value. A negative result immediately triggers a `java.lang.NegativeArraySizeException`. If the result is zero or a small positive value, the `byte[]` output array is allocated with an incorrect size. Subsequent operations that reference elements beyond this incorrectly sized array then raise a `java.lang.ArrayIndexOutOfBoundsException`, ultimately crashing the program and causing a denial of service.
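The size arithmetic described above, as an added example (not snappy-java source and not the project's patch): it compares the unchecked multiplication with a guarded one built on `Math.multiplyExact`. The class name, helper names and all element counts other than `0x40000000` are constructed for illustration, and no large arrays are allocated.

```java
// Added example: models only the output-size arithmetic; this is not snappy-java source.
public class ShuffleSizeCheck {

    // Unchecked pattern: Java int multiplication wraps silently on overflow.
    static int uncheckedSize(int elementCount, int bytesPerElement) {
        return elementCount * bytesPerElement;
    }

    // Hardened pattern (hypothetical helper): reject the input before any allocation.
    static int checkedSize(int elementCount, int bytesPerElement) {
        try {
            return Math.multiplyExact(elementCount, bytesPerElement);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException(
                "input too large: " + elementCount + " elements of " + bytesPerElement + " bytes", e);
        }
    }

    // What `new byte[size]` and later writes would do with the wrapped value.
    static String outcome(int elementCount, int bytesPerElement) {
        long required = (long) elementCount * bytesPerElement; // exact 64-bit result
        int wrapped = uncheckedSize(elementCount, bytesPerElement);
        if (wrapped == required) return "ok";
        if (wrapped < 0) return "NegativeArraySizeException at allocation";
        return "undersized buffer (" + wrapped + " bytes), ArrayIndexOutOfBoundsException on use";
    }

    public static void main(String[] args) {
        // Constructed element counts; no arrays of these sizes are allocated.
        int[][] cases = {
            {1024, 4},        // ordinary int[] input
            {0x20000000, 4},  // wraps to a negative size
            {0x40000000, 4},  // the int[] length from the text: wraps to zero
            {0x40000001, 4},  // wraps to a small positive size
            {0x10000000, 8},  // long[]/double[] factor: wraps to a negative size
        };
        for (int[] c : cases) {
            String guard;
            try {
                guard = "accepted, " + checkedSize(c[0], c[1]) + " bytes";
            } catch (IllegalArgumentException e) {
                guard = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("count=0x%08X factor=%d unchecked=%d -> %s | checked: %s%n",
                c[0], c[1], uncheckedSize(c[0], c[1]), outcome(c[0], c[1]), guard);
        }
    }
}
```

Applications that cannot upgrade immediately can apply the same kind of length check to untrusted input before it reaches the shuffle functions.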

What is the Impact of CVE-2023-34453?

Successful exploitation may allow attackers to crash the application, resulting in a denial-of-service condition and unavailability of the service.

What is the Exploitability of CVE-2023-34453?

Exploitation is of low complexity. The primary prerequisite is the ability to provide a large input array to the affected shuffle functions. No specific authentication or high privilege is required for this. Access can be either local, through direct code execution, or remote, if an application processes untrusted input of a size that can trigger the overflow. The risk factor is high if the application uses snappy-java for data processing and handles large data inputs without proper size validation before passing them to the shuffle functions.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2023-34453?

Available Upgrade Options

  • org.xerial.snappy:snappy-java
    • <1.1.10.1 → Upgrade to 1.1.10.1


What are Similar Vulnerabilities to CVE-2023-34453?

Similar Vulnerabilities: CVE-2023-3635, CVE-2023-4316, CVE-2022-42889, CVE-2022-45143, CVE-2021-42392