You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Found security vulnerability CVE-2021-37136 with severity >= 7 (severity = 7.5)
Found security vulnerability CVE-2021-37136 with severity < 9 (severity = 7.5)
Depenency tree
+--- com.typesafe.play:play-ahc-ws-standalone_2.13:2.1.10
| +--- com.typesafe.play:shaded-asynchttpclient:2.1.10
Description from CVE
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Explanation
The netty-codec package is vulnerable to Denial of Service (DoS). The classes and methods listed below do not properly check if the output generated upon decompressing a user-supplied file compressed with the bzip2 format is within the allowed limit. A remote attacker can exploit this behavior by submitting a specially-crafted input encoded with the bzip2 format to trigger an Out Of Memory Error (OOME), resulting in a DoS condition.
Found security vulnerability CVE-2021-37136 with severity >= 7 (severity = 7.5)
Found security vulnerability CVE-2021-37136 with severity < 9 (severity = 7.5)
Depenency tree
+--- com.typesafe.play:play-ahc-ws-standalone_2.13:2.1.10
| +--- com.typesafe.play:shaded-asynchttpclient:2.1.10
Description from CVE
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Explanation
The netty-codec package is vulnerable to Denial of Service (DoS). The classes and methods listed below do not properly check if the output generated upon decompressing a user-supplied file compressed with the bzip2 format is within the allowed limit. A remote attacker can exploit this behavior by submitting a specially-crafted input encoded with the bzip2 format to trigger an Out Of Memory Error (OOME), resulting in a DoS condition.
Vulnerable File(s) and Function(s):
io/netty/handler/codec/compression/Bzip2BlockDecompressor.class
decodeHuffmanData()
io/netty/handler/codec/compression/Bzip2Decoder.class
decode()
The text was updated successfully, but these errors were encountered: