Aircompressor, Information Disclosure, CVE-2021-29421 (Medium)


The vulnerability in aircompressor's Snappy and LZ4 decompressors stems from improper handling of malformed compressed data. When crafted input is processed, the decompression logic fails to fully overwrite the output buffer, which matters most when the same buffer is reused across calls. The root cause is insufficient input validation: malformed data can steer the decompressor down paths where the output position is not advanced correctly, so only part of the buffer is written.

Applications such as web servers often allocate fixed-size buffers once and reuse them for performance. If such a buffer is reused without being cleared, it retains residual data from previous decompressions. When the decompressor then performs only a partial write, the response contains both the newly decompressed data and the stale contents of the buffer. That stale data can include sensitive information such as session tokens or private user data.

The issue is analogous to a buffer overflow, but its consequence is information disclosure rather than memory corruption: it exploits the lack of buffer zeroing between uses. A remote attacker can probe buffer contents gradually and without authentication, which makes the flaw critical in multi-tenant environments. The core defect is in aircompressor versions before 3.4, where the decompression algorithms assume valid input, leading to partial writes and information exposure.
Platform: Aircompressor
Version: < 3.4
Vulnerability: Information Disclosure
Severity: Medium
Date: 2021-04-15

Prediction: Fixed 3.4

What Undercode Says:

# Shell: locate bundled copies of aircompressor in a deployment and check the version
find . -name "*.jar" -exec jar tf {} \; | grep aircompressor
java -cp aircompressor.jar io.airlift.compress.Version

// Java: the risky pattern, a fixed-size output buffer reused across calls without clearing
byte[] buffer = new byte[BUFFER_SIZE];   // BUFFER_SIZE: the application's fixed buffer size (placeholder)
decompressor.decompress(maliciousInput, buffer);
// Buffer may leak old data: a partial write leaves bytes from the previous call in place

How to Exploit:

Craft malformed Snappy/LZ4 data. Send to target service. Retrieve leaked buffer contents via responses.

Protection from this CVE:

Update to aircompressor 3.4. Avoid buffer reuse. Clear buffers before each decompression, and return to callers only the number of bytes the decompressor reports as written.
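The following is an added example, not code from the advisory or from the aircompressor project, showing the buffer-reuse pattern described above together with the mitigations listed here (clear the shared buffer, reject malformed input, expose only the bytes actually written). It assumes aircompressor's io.airlift.compress.Decompressor interface, whose decompress method takes input and output arrays with offsets and lengths, returns the number of bytes written, and throws MalformedInputException on bad data; the class name SafeReusableDecompressor and the sample payloads are constructed for this illustration.

```java
import io.airlift.compress.Decompressor;
import io.airlift.compress.MalformedInputException;
import io.airlift.compress.snappy.SnappyDecompressor;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (hypothetical wrapper, not part of aircompressor).
// Assumed library contract: int decompress(byte[] in, int inOff, int inLen,
//                                          byte[] out, int outOff, int maxOutLen)
public final class SafeReusableDecompressor {
    private final Decompressor decompressor;
    private final byte[] scratch;   // one fixed-size buffer reused across requests

    public SafeReusableDecompressor(Decompressor decompressor, int scratchSize) {
        this.decompressor = decompressor;
        this.scratch = new byte[scratchSize];
    }

    /** Decompresses one payload and returns a fresh copy of exactly the bytes written. */
    public byte[] decompress(byte[] compressed) {
        // Mitigation 1: zero the shared buffer before every call so that a short
        // or failed write cannot expose data left over from a previous request.
        Arrays.fill(scratch, (byte) 0);

        int written;
        try {
            written = decompressor.decompress(compressed, 0, compressed.length,
                                              scratch, 0, scratch.length);
        } catch (MalformedInputException e) {
            // Mitigation 2: never hand back partially written output.
            throw new IllegalArgumentException("rejected malformed compressed payload", e);
        }

        // Mitigation 3: callers see only [0, written); the tail of the scratch
        // buffer (now zeros anyway) is never part of the response.
        return Arrays.copyOfRange(scratch, 0, written);
    }

    public static void main(String[] args) {
        SafeReusableDecompressor d =
                new SafeReusableDecompressor(new SnappyDecompressor(), 64 * 1024);

        // Constructed raw-Snappy block: varint uncompressed length 5, then a
        // literal tag (4 << 2 = 0x10) followed by the five literal bytes "hello".
        byte[] valid = {0x05, 0x10, 'h', 'e', 'l', 'l', 'o'};
        System.out.println(new String(d.decompress(valid), StandardCharsets.UTF_8));

        // Constructed truncated block: declares 5 bytes but supplies only 2,
        // which the decompressor is expected to reject.
        byte[] truncated = {0x05, 0x10, 'h', 'e'};
        try {
            d.decompress(truncated);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The wrapper does not depend on the library being patched: even with a decompressor that performs a partial write, the caller receives zeros rather than another tenant's data, and the length check stops stale bytes past the written region from reaching a response. Upgrading to 3.4 removes the partial-write behaviour itself; the wrapper is defence in depth for services that keep a long-lived buffer.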

Impact:

Sensitive information disclosure. Credentials leakage. Session token exposure.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
