CVE-2021-37137: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.67231%
Published: 9/9/2021
Updated: 8/16/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| io.netty:netty-codec | maven | >= 4.0.0, < 4.1.68.Final | 4.1.68.Final |
| org.jboss.netty:netty | maven | < 4.0.0 | |
| io.netty:netty | maven | < 4.0.0 | |

Vulnerability Intelligence
Root Cause Analysis: In progress

### Impact

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory us
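
The two memory problems named above, shown from the defensive side in an added example that is not Netty's code or its patch: a streaming scanner for the Snappy framing format that checks a chunk's declared length before buffering its body and discards skippable chunks as the bytes arrive. The names `FrameScanner` and `demo` and the `MAX_CHUNK` cap are assumptions made for this sketch; the sample stream is constructed.

```python
MAX_CHUNK = 65536 + 4  # assumed cap for this example: 64 KiB of data + 4-byte checksum
HEADER = 4             # 1 byte chunk type + 3 bytes little-endian length

class FrameScanner:
    """Splits a Snappy framing-format stream into chunks using bounded memory."""
    def __init__(self, max_chunk=MAX_CHUNK):
        self.max_chunk = max_chunk
        self.buf = bytearray()  # one header, or one body of at most max_chunk bytes
        self.ctype = None       # None while a header is being read
        self.need = HEADER      # bytes required in buf before the next step
        self.skip = 0           # bytes of a skippable chunk still to discard
        self.peak = 0           # high-water mark of len(buf)
        self.chunks = []        # (type, body) pairs for the decoder proper

    def feed(self, data):
        view = memoryview(data)
        while True:
            if self.skip:  # discard skippable bytes as they arrive, never buffer them
                n = min(self.skip, len(view))
                self.skip, view = self.skip - n, view[n:]
                if self.skip:
                    return
            take = self.need - len(self.buf)
            self.buf += view[:take]
            view = view[take:]
            self.peak = max(self.peak, len(self.buf))
            if len(self.buf) < self.need:
                return  # wait for more input
            done, self.buf = bytes(self.buf), bytearray()
            if self.ctype is None:  # header complete: check length before buffering
                ctype, length = done[0], int.from_bytes(done[1:4], "little")
                if 0x80 <= ctype <= 0xFE:  # reserved skippable chunk or padding
                    self.skip = length
                elif length > self.max_chunk:
                    raise ValueError(f"type {ctype:#04x} declares {length} bytes")
                else:
                    self.ctype, self.need = ctype, length
            else:  # body complete: hand over and go back to reading a header
                self.chunks.append((self.ctype, done))
                self.ctype, self.need = None, HEADER

def demo():
    # Constructed stream: identifier, a 1,000,000-byte skippable chunk, one data chunk.
    stream = (b"\xff\x06\x00\x00sNaPpY" + b"\x80\x40\x42\x0f" + bytes(1_000_000)
              + b"\x01\x09\x00\x00" + bytes(4) + b"hello")  # checksum left as zeros
    scanner = FrameScanner()
    for i in range(0, len(stream), 1000):  # simulate 1000-byte network reads
        scanner.feed(stream[i:i + 1000])
    return scanner.chunks, scanner.peak
```

The scanner only frames chunks; checksum verification, decompression and rejection of reserved unskippable chunk types remain the decoder's job.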

Reasoning

No analysis available