CNNVD-202512-2268 Information

Dec 12, 2025 cve

CNNVD ID

CNNVD-202512-2268

CVE-2025-67721

CNNVD Published: 2025-12-12

Description (Chinese)

Aircompressor是airlift开源的一个将 Snappy、LZO、LZ4 和 Zstandard 压缩算法移植到 Java 的库。 Aircompressor 3.3及之前版本存在安全漏洞，该漏洞源于Snappy和LZ4解压缩器处理畸形数据不当，可能导致敏感数据泄露。

Description (English)

Aircompressor is a library where Snappy, LZO, LZ4 and Zstandard compressors are transferred to Java. Aircompressor 3.3 and previous versions had a security loophole, which stemmed from the inappropriate handling of abnormal data by Snappy and LZ4 compressors, which could lead to the disclosure of sensitive data.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

airlift

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/airlift/aircompressor/commit/f2b489b398779b40c1ee29ddb11d7edef54ddc15 https://github.com/airlift/aircompressor/commit/ff12c4d5757c9d6d1de3d39a10402f1f84f9b765 https://github.com/airlift/aircompressor/security/advisories/GHSA-vx9q-rhv9-3jvg

Patch

https://github.com/airlift/aircompressor/releases

Share on: