← Back to CVE List

CVE-2024-36124

Published: 2024-06-03T15:15Z
Last Modified: 2025-03-06T17:57Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt