CVE-2024-36114
Description
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the contents of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and this has security consequences similar to out-of-bounds access in C or C++: it can lead to non-deterministic behavior or crash the JVM. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. Users should update to Aircompressor 0.27 or newer, where these issues have been fixed. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.airlift:aircompressor (Maven) | < 0.27 | 0.27 |
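To find affected copies that arrive transitively, the following added example (not part of the advisory or the Aircompressor project) parses the text output of `mvn dependency:tree` and reports every `io.airlift:aircompressor` below 0.27 together with the dependency chain that introduces it. The sample tree and the `com.example` / `org.example` coordinates are constructed for illustration.

```python
import re

PACKAGE = "io.airlift:aircompressor"  # coordinate from the advisory table
PATCHED = (0, 27)                     # first patched release per the advisory

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = """\
[INFO] com.example:ingest-service:jar:1.0.0
[INFO] +- org.example:columnar-reader:jar:4.2.0:compile
[INFO] |  +- io.airlift:aircompressor:jar:0.9:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] +- io.airlift:aircompressor:jar:0.27:compile
[INFO] \\- org.example:legacy-codec:jar:1.3:runtime
[INFO]    \\- io.airlift:aircompressor:jar:0.21:runtime
"""

# Each nesting level is a 3-character cell: "+- ", "|  ", "\- " or "   ".
LINE = re.compile(r"^\[INFO\] (?P<indent>(?:[|+\\ ][ -] )*)(?P<coord>\S+)$")


def parse_version(version):
    # Compare numerically per component: as strings, "0.9" sorts above "0.27".
    return tuple(int(n) for n in re.findall(r"\d+", version))


def find_vulnerable(tree_text):
    """Return [(version, chain)] for each affected aircompressor in the tree."""
    findings, stack = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner, summary or annotated line
        parts = m.group("coord").split(":")
        if len(parts) < 4:
            continue
        depth = len(m.group("indent")) // 3
        # Root is group:artifact:type:version; dependencies append a scope.
        version = parts[-1] if depth == 0 else parts[-2]
        name = ":".join(parts[:2])
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(f"{name}:{version}")
        if name == PACKAGE and parse_version(version) < PATCHED:
            findings.append((version, " -> ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, chain in find_vulnerable(SAMPLE_TREE):
        print(f"affected {PACKAGE} {version}: {chain}")
```

Jars that shade or repackage Aircompressor do not appear in the dependency tree and need a separate check.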
References
- github.com/advisories/GHSA-973x-65j7-xcf4 (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-36114 (source: ghsa, type: ADVISORY)
- github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071 (source: nvd, type: WEB)
- github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e (source: nvd, type: WEB)
- github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f (source: nvd, type: WEB)
- github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e (source: nvd, type: WEB)
- github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4 (source: nvd, type: WEB)