netty netty CVE-2021-37136 vulnerability in Netty and Other Products
Published on October 19, 2021

product logo product logo product logo product logo product logo product logo product logo
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

Github Repository Vendor Advisory NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2021-37136 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2021-37136

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-37136 are published in these products:

Netty
 
Apache Tinkerpop
 
Quarkus
 
Oracle Banking Apis
 
Oracle Banking Digital Experience
 
Oracle Commerce Guided Search
 
Oracle Communications Cloud Native Core Binding Support Function
 
Oracle Communications Diameter Signaling Router
 
Oracle Peoplesoft Enterprise Peopletools
 
NetApp Oncommand Insight
 
Oracle Webcenter Portal
 
Oracle Coherence
 
Oracle Communications Cloud Native Core Security Edge Protection Proxy
 
Oracle Communications Cloud Native Core Policy
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Communications Cloud Native Core Network Slice Selection Function
 
Oracle Helidon
 
Oracle Communications Instant Messaging Server
 
Oracle Communications Brm Elastic Charging Engine
 
Debian Linux
 
Canonical Ubuntu Linux
 
Oracle
 

Affected Versions

The Netty project Netty:

Vulnerable Packages

The following package name and versions may be associated with CVE-2021-37136

Package Manager Vulnerable Package Versions Fixed In
maven netty-codec <= 4.1.67.Final 4.1.68.Final

Exploit Probability

EPSS
1.19%
Percentile
78.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.