The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Feb 2023, 17:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
First Time |
Debian
Debian debian Linux |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5316 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html - Mailing List, Third Party Advisory |
12 Jan 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 13:43
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle helidon
Oracle communications Cloud Native Core Unified Data Repository Oracle communications Cloud Native Core Security Edge Protection Proxy Oracle communications Instant Messaging Server Oracle communications Cloud Native Core Policy Oracle coherence Oracle webcenter Portal Oracle communications Cloud Native Core Network Slice Selection Function Oracle communications Brm - Elastic Charging Engine |
|
CPE | cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:* |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Feb 2022, 20:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Netapp oncommand Insight |
|
CPE | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220210-0012/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
10 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Feb 2022, 16:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle peoplesoft Enterprise Peopletools
Oracle communications Diameter Signaling Router Oracle banking Apis Oracle Quarkus quarkus Oracle banking Digital Experience Quarkus Oracle communications Cloud Native Core Binding Support Function Oracle commerce Guided Search |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Third Party Advisory | |
CPE | cpe:2.3:a:apache:tinkerpop:3.5.1:*:*:*:*:*:*:* |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Dec 2021, 21:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:tinkerpop:3.5.0:*:*:*:*:*:*:* cpe:2.3:a:apache:tinkerpop:3.5.1:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory |
26 Oct 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Oct 2021, 20:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv - Third Party Advisory |
19 Oct 2021, 15:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-19 15:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-37136
Mitre link : CVE-2021-37136
CVE.ORG link : CVE-2021-37136
JSON object : View
Products Affected
netty
- netty
oracle
- communications_instant_messaging_server
- communications_cloud_native_core_unified_data_repository
- webcenter_portal
- communications_cloud_native_core_security_edge_protection_proxy
- communications_cloud_native_core_network_slice_selection_function
- helidon
- coherence
- communications_cloud_native_core_policy
- banking_digital_experience
- communications_cloud_native_core_binding_support_function
- communications_diameter_signaling_router
- peoplesoft_enterprise_peopletools
- communications_brm_-_elastic_charging_engine
- banking_apis
- commerce_guided_search
netapp
- oncommand_insight
quarkus
- quarkus
debian
- debian_linux
CWE
CWE-400
Uncontrolled Resource Consumption