exploitDog

CVE-2021-37137

Published: 19 Oct 2021
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 5
CVSS3: 7.5

Description

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

| Release | Status | Note |
| --- | --- | --- |
| bionic | ignored | end of standard support, was needs-triage |
| devel | released | 4.1.48-6 |
| esm-apps/bionic | released | 1:4.1.7-4ubuntu0.1+esm2 |
| esm-apps/focal | released | 1:4.1.45-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 1:4.1.48-4+deb11u1build0.22.04.1 |
| esm-apps/noble | released | 4.1.48-6 |
| esm-apps/xenial | released | 1:4.0.34-1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needed |
| hirsute | ignored | end of life |

EPSS: 0.02383 (Low), percentile: 85%
CVSS2: 5 Medium
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
redhat
more than 4 years ago

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

CVSS3: 7.5
nvd
more than 4 years ago

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

CVSS3: 7.5
debian
more than 4 years ago

The Snappy frame decoder function doesn't restrict the chunk length wh ...

CVSS3: 7.5
github
more than 4 years ago

SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

CVSS3: 7.5
fstec
more than 4 years ago

Vulnerability in the frame decoding function of the Netty network software that allows an attacker to cause a denial of service
