EXECUTIVE SUMMARY:
CVE-2026-44302 (CVSS score 7.5, high severity) is a vulnerability in the Snappier package, affecting versions less than or equal to 1.3.0. When the Snappier.SnappyStream decompression function is fed malformed framed-format Snappy stream input, it enters an uncatchable infinite loop. An attacker can exploit this by supplying malicious input to a Snappier.SnappyStream decompression function on a system where a vulnerable version of Snappier is installed and used, consuming system resources and potentially causing a denial-of-service (DoS) condition. The business impact would be significant: if the attack succeeds and the system is not terminated to prevent further resource utilization, prolonged system downtime and resource exhaustion could result in financial losses and reputational damage.
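The following is an added example, not taken from the advisory or from the Snappier project: a check that flags Snappier references in a .NET project file that fall in the affected range stated above (versions less than or equal to 1.3.0). It assumes NuGet `PackageReference` entries in a `.csproj`; the sample project is constructed, and the label `not-listed` only means the version is outside the range this page gives.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "snappier"            # NuGet package ids are case-insensitive
LAST_AFFECTED = (1, 3, 0, 0)    # from this page: versions <= 1.3.0

def classify(version):
    """Return 'affected', 'not-listed' or 'unresolved' for one version string."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.(\d+))?(?:[-+].*)?",
                     version.strip())
    if not m:
        return "unresolved"     # ranges or floating versions: check the lock file
    numeric = tuple(int(p or 0) for p in m.groups())
    # A prerelease of 1.3.0 sorts before 1.3.0, so it is inside the range too.
    return "affected" if numeric <= LAST_AFFECTED else "not-listed"

def local_name(elem):
    """Tag name without the legacy MSBuild XML namespace, if present."""
    return elem.tag.rsplit("}", 1)[-1]

def audit_csproj(xml_text):
    """Return [(version, verdict)] for every Snappier PackageReference."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem) != "PackageReference":
            continue
        if (elem.get("Include") or "").lower() != PACKAGE:
            continue
        version = elem.get("Version")
        if version is None:     # <Version> child element form
            child = next((c for c in elem if local_name(c) == "Version"), None)
            version = child.text if child is not None and child.text else None
        if version is None:     # e.g. version pinned centrally, not in this file
            findings.append((None, "unresolved"))
        else:
            findings.append((version.strip(), classify(version)))
    return findings

# Constructed sample project file (not from any real repository).
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Snappier" Version="1.3.0" />
    <PackageReference Include="snappier"><Version>1.2.0-beta</Version></PackageReference>
    <PackageReference Include="Snappier" Version="[1.0,2.0)" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for version, verdict in audit_csproj(SAMPLE):
        print(f"Snappier {version}: {verdict}")
```

Entries reported as `unresolved` need the resolved version from the restore output or lock file before they can be cleared.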
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-pggp-6c3x-2xmx