Jonas Konrad

3 exploits Active since Aug 2023
CVE-2023-3894 MEDIUM WRITEUP
jackson-dataformats-text - DoS
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
CVSS 5.8
CVE-2025-29908 MEDIUM WRITEUP
Netty QUIC codec <0.0.71.Final - Hash DoS
Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final.
CVSS 5.3
CVE-2025-66566 HIGH WRITEUP
LZ4 Java <1.10.1 - Info Disclosure
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.