CVE-2021-37136

Published: 19 October 2021

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. Malicious input can trigger an OutOfMemoryError (OOME), resulting in a denial of service (DoS).

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: netty (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
hirsute    Ignored (reached end-of-life)
impish     Needs triage
jammy      Needs triage
trusty     Needs triage
upstream   Needs triage
xenial     Ignored (out of standard support)