Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier
CVE-2023-28638

7 HIGH

Key Information:

CVE Published: 27 March 2023

What is CVE-2023-28638?

Snappier, a high-performance C# implementation of the Snappy compression algorithm, is susceptible to a buffer overrun vulnerability in version 1.1.0. The flaw was introduced when the code was changed to use byte references instead of pointers to pinned buffers. That change improved performance, but it made the code depend on the garbage collector keeping those references valid. When the .NET garbage collector compacts memory, it may not correctly update a byte reference that points to a location outside its buffer, so the reference becomes invalid and a buffer can be overrun during specific checks. Triggering the flaw intentionally is difficult, but it can potentially be exploited through crafted input data aimed at the decompression buffer, possibly resulting in a denial of service when the process terminates on accessing protected memory. Users are urged to upgrade to version 1.1.1 to mitigate this issue, or to apply the workaround of pinning buffers to fixed locations.
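The pinning workaround described above, for hosts that cannot yet move to 1.1.1, as an added example that is not taken from the advisory or from Snappier's own code. `PinnedSnappy`, `RunPinned` and the `maxLength` limit are hypothetical names, the sample text is constructed, and the `Snappy.*` calls are the library's static span-based API.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
using Snappier;

// Hypothetical helper, not part of Snappier: keeps caller-owned buffers pinned
// so a GC compaction cannot move them while the codec holds byte references.
public static class PinnedSnappy
{
    public static byte[] Compress(byte[] input)
    {
        byte[] scratch = new byte[Snappy.GetMaxCompressedLength(input.Length)];
        int written = RunPinned(input, scratch, () => Snappy.Compress(input, scratch));
        return scratch.AsSpan(0, written).ToArray();
    }

    public static byte[] Decompress(byte[] compressed, int maxLength)
    {
        // The length header comes from the input, so bound it before allocating.
        int length = Snappy.GetUncompressedLength(compressed);
        if (length < 0 || length > maxLength)
            throw new InvalidDataException("declared length exceeds limit");
        byte[] output = new byte[length];
        int written = RunPinned(compressed, output, () => Snappy.Decompress(compressed, output));
        if (written != length)
            throw new InvalidDataException("length mismatch after decompression");
        return output;
    }

    private static int RunPinned(byte[] source, byte[] target, Func<int> codec)
    {
        GCHandle sourcePin = GCHandle.Alloc(source, GCHandleType.Pinned);
        try
        {
            GCHandle targetPin = GCHandle.Alloc(target, GCHandleType.Pinned);
            try { return codec(); }
            finally { targetPin.Free(); }
        }
        finally { sourcePin.Free(); }
    }

    public static void Main()
    {
        byte[] sample = Encoding.UTF8.GetBytes("constructed sample input, repeated repeated repeated");
        byte[] roundTrip = Decompress(Compress(sample), maxLength: 1 << 20);
        Console.WriteLine(sample.AsSpan().SequenceEqual(roundTrip));
    }
}
```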

Affected Version(s)

Snappier = 1.1.0

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
