CVE-2026-44302 - High Severity Vulnerability
Vulnerable Library - snappier.1.2.0.nupkg
A near-C++ performance implementation of the Snappy compression algorithm for .NET. Snappier is ported to C# directly
from the official C++ implementation, with the addition of support for the framed stream format.
By avoiding P/Invoke, Snappier is fully cross-platform and works on both Linux and Windows and against any CPU supported
by .NET. However, Snappier performs best in .NET 6 and later on little-endian x86/64 processors with the
help of System.Runtime.Instrinsics.</p>
Library home page: https://api.nuget.org/packages/snappier.1.2.0.nupkg
Path to dependency file: /src/SharpConnector.Tests/SharpConnector.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg,/home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg,/home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg
Dependency Hierarchy:
- couchbasenetclient.3.9.1.nupkg (Root Library)
- ❌ snappier.1.2.0.nupkg (Vulnerable Library)
Found in base branch: develop
Vulnerability Details
Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1.
Publish Date: 2026-05-12
URL: CVE-2026-44302
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-pggp-6c3x-2xmx
Release Date: 2026-05-12
Fix Resolution: snappier - 1.3.1
Step up your Open Source Security Game with Mend here
CVE-2026-44302 - High Severity Vulnerability
A near-C++ performance implementation of the Snappy compression algorithm for .NET. Snappier is ported to C# directly from the official C++ implementation, with the addition of support for the framed stream format.
Library home page: https://api.nuget.org/packages/snappier.1.2.0.nupkg
Path to dependency file: /src/SharpConnector.Tests/SharpConnector.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg,/home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg,/home/wss-scanner/.nuget/packages/snappier/1.2.0/snappier.1.2.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1.
Publish Date: 2026-05-12
URL: CVE-2026-44302
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-pggp-6c3x-2xmx
Release Date: 2026-05-12
Fix Resolution: snappier - 1.3.1
Step up your Open Source Security Game with Mend here