CVE-2024-36124 – iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

https://notcve.org/view.php?id=CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5. iq80 Snappy es una librería de compresión/descompresión. Al descomprimir ciertos datos, Snappy intenta leer fuera de los límites de las matrices de bytes dadas. • https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9 • CWE-125: Out-of-bounds Read •