Miggo Logo

CVE-2024-36114: Decompressors can crash the JVM and leak memory content in Aircompressor

8.6

CVSS Score
3.1

Basic Information

EPSS Score
0.26301%
Published
6/2/2024
Updated
6/2/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
io.airlift:aircompressormaven< 0.270.27

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing bounds checks when handling compressed data lengths. All patched files added explicit checks for negative lengths/offsets caused by integer overflow (e.g., literalLength < 0). The functions directly process untrusted input using sun.misc.Unsafe for memory operations, and the absence of these checks allowed: 1) OOB reads/writes via negative lengths wrapping to large positive values, 2) Access to memory outside allocated buffers. The commit diffs show these functions were modified to add MalformedInputException throws precisely where length validation was missing, confirming their vulnerable status.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry *ll ***ompr*ssor impl*m*nt*tions o* *ir*ompr*ssor (LZ*, LZO, Sn*ppy, Zst*n**r*) **n *r*s* t** JVM *or **rt*in input, *n* in som* **s*s *lso l**k t** *ont*nt o* ot**r m*mory o* t** J*v* pro**ss (w*i** *oul* *ont*in s*nsitiv* in*orm*tion).

Reasoning

T** vuln*r**ility st*ms *rom missin* *oun*s ****ks w**n **n*lin* *ompr*ss** **t* l*n*t*s. *ll p*t**** *il*s ***** *xpli*it ****ks *or n***tiv* l*n*t*s/o**s*ts **us** *y int***r ov*r*low (*.*., lit*r*lL*n*t* < *). T** *un*tions *ir**tly pro**ss untrus