Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-37136


Netty's Bzip2Decoder, the bzip2 decompression handler, provides no way to restrict the size of the decompressed output, and that size drives the buffer allocation performed during decompression. All users of Bzip2Decoder are affected: a crafted compressed input can force an allocation large enough to trigger an OutOfMemoryError (OOME), and so a denial of service, because the output size is dictated entirely by the attacker-supplied stream. Netty 4.1.68 and later are not affected.
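The defect described above is a missing cap on decompressed output. The Python example below is added here as an illustration of that defect class; it is not Netty code and not the 4.1.68 fix, and it uses the standard library's bz2 module rather than Netty's API. It builds a constructed bzip2 "bomb" (a tiny stream that expands to megabytes of zeros), shows the vulnerable pattern in which the stream dictates the allocation, and beside it a bounded decoder that decompresses incrementally and aborts as soon as the caller's cap would be exceeded, so peak memory never exceeds the cap plus one chunk. All function names are illustrative.

```python
"""Bounded bzip2 decompression as an illustration of CVE-2021-37136's defect
class. Example code added for this page: not Netty's Bzip2Decoder and not the
Netty 4.1.68 fix. Uses only the Python standard library."""
import bz2


class DecompressionLimitExceeded(Exception):
    """Raised when the decompressed output would exceed the caller's cap."""


def make_zero_bomb(plain_size: int) -> bytes:
    """Constructed test input: a bzip2 stream that expands to plain_size zero
    bytes. Highly repetitive input gives bzip2 an extreme compression ratio,
    so a few hundred bytes on the wire can demand megabytes of output buffer."""
    return bz2.compress(b"\x00" * plain_size)


def compression_ratio(plain_size: int) -> float:
    """How many output bytes each compressed byte of the bomb expands to."""
    return plain_size / len(make_zero_bomb(plain_size))


def decompress_unbounded(data: bytes) -> bytes:
    """The vulnerable pattern: the output allocation is whatever the
    (attacker-supplied) stream says it is. Nothing here bounds it."""
    return bz2.decompress(data)


def decompress_bounded(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Hardened pattern: decompress in chunks of at most `chunk` bytes and stop
    the moment the accumulated output would exceed `max_output`. Peak memory
    is bounded by max_output + chunk regardless of what the stream claims."""
    if max_output < 0:
        raise ValueError("max_output must be non-negative")
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    # The decompressor buffers any input it has not yet consumed, so after the
    # first call we keep feeding it an empty byte string.
    pending = data
    while True:
        piece = dec.decompress(pending, max_length=chunk)
        pending = b""
        if len(out) + len(piece) > max_output:
            raise DecompressionLimitExceeded(
                f"decompressed output exceeds cap of {max_output} bytes")
        out += piece
        if dec.eof:
            return bytes(out)
        if not piece and dec.needs_input:
            # No input left to give and no output produced: the stream ended
            # before its end-of-stream marker, i.e. it is truncated.
            raise ValueError("truncated bzip2 stream")


def exceeds_cap(data: bytes, max_output: int) -> bool:
    """True if bounded decompression of `data` refuses because of the cap."""
    try:
        decompress_bounded(data, max_output)
    except DecompressionLimitExceeded:
        return True
    return False


if __name__ == "__main__":
    size = 4 * 1024 * 1024  # 4 MiB of zeros behind a tiny compressed stream
    bomb = make_zero_bomb(size)
    print(f"bomb: {len(bomb)} compressed bytes -> {size} bytes, "
          f"ratio {compression_ratio(size):.0f}:1")
    print("unbounded decoder allocated:", len(decompress_unbounded(bomb)))
    print("bounded decoder with 1 MiB cap refused:", exceeds_cap(bomb, 1 << 20))
```

The check runs before each chunk is appended, not after the whole stream is decoded, which is the property that matters: a decoder that counts bytes only after `bz2.decompress()` has returned has already made the oversized allocation.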


Published

2021-10-19T15:15:07.697

Last Modified

2024-11-21T06:14:42.867

Status

Modified

Source

[email protected]

Severity

CVSSv3.1 base score: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P (base score 5.0, MEDIUM, as computed from this vector)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score (CVSSv2 sub-score)

10.0

Impact Score (CVSSv2 sub-score)

2.9

Weaknesses
  • Type: Secondary
    CWE-400 (Uncontrolled Resource Consumption)
  • Type: Primary
    CWE-400 (Uncontrolled Resource Consumption)

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | netty | netty | < 4.1.68 | Yes
Application | quarkus | quarkus | < 2.2.4 | Yes
Application | oracle | banking_apis | ≤ 18.3 | Yes
Application | oracle | banking_apis | 19.1 | Yes
Application | oracle | banking_apis | 19.2 | Yes
Application | oracle | banking_apis | 20.1 | Yes
Application | oracle | banking_apis | 21.1 | Yes
Application | oracle | banking_digital_experience | 18.1 | Yes
Application | oracle | banking_digital_experience | 18.2 | Yes
Application | oracle | banking_digital_experience | 18.3 | Yes
Application | oracle | banking_digital_experience | 19.1 | Yes
Application | oracle | banking_digital_experience | 19.2 | Yes
Application | oracle | banking_digital_experience | 20.1 | Yes
Application | oracle | banking_digital_experience | 21.1 | Yes
Application | oracle | coherence | 12.2.1.4.0 | Yes
Application | oracle | coherence | 14.1.1.0.0 | Yes
Application | oracle | commerce_guided_search | 11.3.2 | Yes
Application | oracle | communications_brm_-_elastic_charging_engine | < 12.0.0.4.6 | Yes
Application | oracle | communications_brm_-_elastic_charging_engine | 12 | Yes
Application | oracle | communications_cloud_native_core_binding_support_function | 1.10.0 | Yes
Application | oracle | communications_cloud_native_core_binding_support_function | 1.11.0 | Yes
Application | oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 | Yes
Application | oracle | communications_cloud_native_core_policy | 1.15.0 | Yes
Application | oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | Yes
Application | oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 | Yes
Application | oracle | communications_diameter_signaling_router | ≤ 8.5.0.2 | Yes
Application | oracle | communications_instant_messaging_server | 8.1 | Yes
Application | oracle | helidon | 1.4.10 | Yes
Application | oracle | helidon | 2.4.0 | Yes
Application | oracle | peoplesoft_enterprise_peopletools | 8.48 | Yes
Application | oracle | peoplesoft_enterprise_peopletools | 8.57 | Yes
Application | oracle | peoplesoft_enterprise_peopletools | 8.58 | Yes
Application | oracle | peoplesoft_enterprise_peopletools | 8.59 | Yes
Application | oracle | webcenter_portal | 12.2.1.3.0 | Yes
Application | oracle | webcenter_portal | 12.2.1.4.0 | Yes
Application | netapp | oncommand_insight | - | Yes
Operating System | debian | debian_linux | 10.0 | Yes
Operating System | debian | debian_linux | 11.0 | Yes

References