
If a library has a vulnerable function, but my code doesn’t call it, is my code at risk? Do I need to update?

Çağlar Arlı - 60 Views


I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.

This CVE was detected in a huge codeline, and I want to assess whether, according to the usage of snappy-java in the codeline, it is exploitable or not. Searching through the codeline, the guilty method is never used (by never used, I mean I couldn't find a call to this method). Can I rely on that and say that there is no way to exploit this CVE in my case?
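One way to turn "I couldn't find a call to this method" into a check of compiled code rather than source, added here as example code that is not part of the question or of snappy-java: it parses the constant pool of every .class file in a jar and reports the classes that hold a direct call site for BitShuffle.shuffle(int[]), so it can be run over your own build output and over every dependency jar on the classpath (a transitive caller inside another library is exactly what a source grep of your own code misses). The JVM method descriptor `([I)[B` for shuffle(int[]) is an assumption, and reflective or runtime-generated calls are not visible to this kind of check.

```python
import io, struct, zipfile
# Constant-pool tags (JVMS 4.4); FIXED = payload size of kinds this scanner only steps over.
UTF8, CLASS, STRING, FIELDREF, METHODREF, IMETHODREF, NAT = 1, 7, 8, 9, 10, 11, 12
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
VULN_CLASS = "org/xerial/snappy/BitShuffle"
VULN_METHOD = ("shuffle", "([I)[B")  # assumed JVM descriptor of shuffle(int[]) -> byte[]

def constant_pool(cb):  # parse one .class file's constant pool into {index: (tag, payload...)}
    u2 = lambda p: struct.unpack(">H", cb[p:p + 2])[0]
    pool, pos, i = {}, 10, 1  # entries start right after magic, version and count
    while i < u2(8):
        tag = cb[pos]
        if tag == UTF8:
            n = u2(pos + 1)
            pool[i], pos = (tag, cb[pos + 3:pos + 3 + n].decode("utf-8", "replace")), pos + 3 + n
        elif tag in (CLASS, STRING):
            pool[i], pos = (tag, u2(pos + 1)), pos + 3
        elif tag in (FIELDREF, METHODREF, IMETHODREF, NAT):
            pool[i], pos = (tag, u2(pos + 1), u2(pos + 3)), pos + 5
        else:
            pool[i], pos = (tag, None), pos + 1 + FIXED[tag]
        i += 2 if tag in (5, 6) else 1  # long/double occupy two pool slots
    return pool

def calls_vulnerable_method(cb):  # direct (non-reflective) call site present in this class?
    pool = constant_pool(cb)
    for entry in pool.values():
        if entry[0] in (METHODREF, IMETHODREF):
            owner = pool[pool[entry[1]][1]][1]  # Methodref -> Class -> Utf8
            nat = pool[entry[2]]                # NameAndType -> (name Utf8, descriptor Utf8)
            if owner == VULN_CLASS and (pool[nat[1]][1], pool[nat[2]][1]) == VULN_METHOD:
                return True
    return False

def scan_jar(jar_bytes):  # classes in a jar (your code or any dependency) that call the method
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return [n for n in zf.namelist() if n.endswith(".class") and calls_vulnerable_method(zf.read(n))]

def fake_class(owner, name, desc):  # constructed input: minimal class file referencing owner.name:desc
    u = lambda s: bytes([UTF8]) + struct.pack(">H", len(s)) + s.encode()
    entries = [u(owner), bytes([CLASS]) + struct.pack(">H", 1), u(name), u(desc),
               bytes([NAT]) + struct.pack(">HH", 3, 4), bytes([METHODREF]) + struct.pack(">HH", 2, 5)]
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, len(entries) + 1) + b"".join(entries)

def fake_jar(classes):  # constructed input: in-memory jar of {entry name: class bytes}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, cb in classes.items():
            zf.writestr(name, cb)
    return buf.getvalue()
```

Run scan_jar over each jar that ends up on the runtime classpath, not just your own artifact; an empty result everywhere supports the "not reachable" argument, a hit in a third-party jar refutes it.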