Description
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- high
- Weaknesses
- CWE-400CWE-400
Metadata
- Primary Vendor
- NETTY
- Published
- 10/19/2021
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
netty : nettyquarkus : quarkusoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : coherenceoracle : coherenceoracle : commerce_guided_searchoracle : communications_brm_-_elastic_charging_engineoracle : communications_brm_-_elastic_charging_engineoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_cloud_native_core_policyoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_unified_data_repositoryoracle : communications_diameter_signaling_routeroracle : communications_instant_messaging_serveroracle : helidonoracle : helidonoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : webcenter_portaloracle : webcenter_portalnetapp : oncommand_insightdebian : debian_linuxdebian : debian_linux
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.