CVE-2021-37137: SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.67231%
CWE
Published
9/9/2021
Updated
8/16/2023
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
io.netty:netty-codec | maven | >= 4.0.0, < 4.1.68.Final | 4.1.68.Final |
org.jboss.netty:netty | maven | < 4.0.0 | |
io.netty:netty | maven | < 4.0.0 |