Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
Typedeb
Namespacedebian
Namenetty
Version1:4.1.48-4+deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1:4.1.48-4+deb11u2
Latest_non_vulnerable_version1:4.1.48-16
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8p4t-8f51-h3dc
vulnerability_id VCID-8p4t-8f51-h3dc
summary 
Uncontrolled Resource Consumption
The Snappy frame decoder function does not restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37137.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37137.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37137
reference_id
reference_type
scores
0
value 0.02383
scoring_system epss
scoring_elements 0.8502
published_at 2026-04-21T12:55:00Z
1
value 0.02383
scoring_system epss
scoring_elements 0.85023
published_at 2026-04-18T12:55:00Z
2
value 0.02383
scoring_system epss
scoring_elements 0.85021
published_at 2026-04-16T12:55:00Z
3
value 0.02383
scoring_system epss
scoring_elements 0.85
published_at 2026-04-13T12:55:00Z
4
value 0.02383
scoring_system epss
scoring_elements 0.85004
published_at 2026-04-12T12:55:00Z
5
value 0.02383
scoring_system epss
scoring_elements 0.85005
published_at 2026-04-11T12:55:00Z
6
value 0.02383
scoring_system epss
scoring_elements 0.8499
published_at 2026-04-09T12:55:00Z
7
value 0.02383
scoring_system epss
scoring_elements 0.84983
published_at 2026-04-08T12:55:00Z
8
value 0.02383
scoring_system epss
scoring_elements 0.8496
published_at 2026-04-07T12:55:00Z
9
value 0.02383
scoring_system epss
scoring_elements 0.84955
published_at 2026-04-04T12:55:00Z
10
value 0.02383
scoring_system epss
scoring_elements 0.84922
published_at 2026-04-01T12:55:00Z
11
value 0.02383
scoring_system epss
scoring_elements 0.84937
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37137
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L171
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L171
10
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L185
11
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L79
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java#L79
12
reference_url https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f
13
reference_url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
20
reference_url https://security.netapp.com/advisory/ntap-20220210-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0012
21
reference_url https://security.netapp.com/advisory/ntap-20220210-0012/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0012/
22
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
reference_id 1014769
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2004135
reference_id 2004135
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2004135
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37137
reference_id CVE-2021-37137
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37137
29
reference_url https://github.com/advisories/GHSA-9vjp-v76f-g363
reference_id GHSA-9vjp-v76f-g363
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vjp-v76f-g363
30
reference_url https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
reference_id GHSA-9vjp-v76f-g363
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
31
reference_url https://access.redhat.com/errata/RHSA-2021:3959
reference_id RHSA-2021:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3959
32
reference_url https://access.redhat.com/errata/RHSA-2021:4851
reference_id RHSA-2021:4851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4851
33
reference_url https://access.redhat.com/errata/RHSA-2021:5127
reference_id RHSA-2021:5127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5127
34
reference_url https://access.redhat.com/errata/RHSA-2021:5128
reference_id RHSA-2021:5128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5128
35
reference_url https://access.redhat.com/errata/RHSA-2021:5129
reference_id RHSA-2021:5129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5129
36
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
37
reference_url https://access.redhat.com/errata/RHSA-2022:0138
reference_id RHSA-2022:0138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0138
38
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
39
reference_url https://access.redhat.com/errata/RHSA-2022:0589
reference_id RHSA-2022:0589
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0589
40
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
41
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
42
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
43
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
44
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
45
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
46
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
47
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
48
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
49
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
50
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
51
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
52
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-6%3Fdistro=trixie
3
url pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie
5
url pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie
aliases CVE-2021-37137, GHSA-9vjp-v76f-g363
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8p4t-8f51-h3dc
1
url VCID-m7b8-8zcj-uqey
vulnerability_id VCID-m7b8-8zcj-uqey
summary 
Netty vulnerable to HTTP Response splitting from assigning header value iterator
### Impact
When calling `DefaultHttpHeaders.set` with an _iterator_ of values (as opposed to a single given value), header value validation was not performed, allowing malicious header values in the iterator to perform [HTTP Response Splitting](https://owasp.org/www-community/attacks/HTTP_Response_Splitting).

### Patches
The necessary validation was added in Netty 4.1.86.Final.

### Workarounds
Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.

### References
[HTTP Response Splitting](https://owasp.org/www-community/attacks/HTTP_Response_Splitting)
[CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers](https://cwe.mitre.org/data/definitions/113.html)

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [[example link to repo](https://github.com/netty/netty)](https://github.com/netty/netty)
* Email us at [netty-security@googlegroups.com](mailto:netty-security@googlegroups.com)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41915
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.6681
published_at 2026-04-07T12:55:00Z
1
value 0.00521
scoring_system epss
scoring_elements 0.66812
published_at 2026-04-02T12:55:00Z
2
value 0.00521
scoring_system epss
scoring_elements 0.66872
published_at 2026-04-09T12:55:00Z
3
value 0.00521
scoring_system epss
scoring_elements 0.66859
published_at 2026-04-08T12:55:00Z
4
value 0.00521
scoring_system epss
scoring_elements 0.66837
published_at 2026-04-04T12:55:00Z
5
value 0.00521
scoring_system epss
scoring_elements 0.66846
published_at 2026-04-13T12:55:00Z
6
value 0.00521
scoring_system epss
scoring_elements 0.66878
published_at 2026-04-12T12:55:00Z
7
value 0.00521
scoring_system epss
scoring_elements 0.66892
published_at 2026-04-11T12:55:00Z
8
value 0.00555
scoring_system epss
scoring_elements 0.68123
published_at 2026-04-21T12:55:00Z
9
value 0.00555
scoring_system epss
scoring_elements 0.6814
published_at 2026-04-18T12:55:00Z
10
value 0.00555
scoring_system epss
scoring_elements 0.68128
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41915
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
8
reference_url https://github.com/netty/netty/commit/c37c637f096e7be3dffd36edee3455c8e90cb1b0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/c37c637f096e7be3dffd36edee3455c8e90cb1b0
9
reference_url https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
10
reference_url https://github.com/netty/netty/issues/13084
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/issues/13084
11
reference_url https://github.com/netty/netty/pull/12760
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/pull/12760
12
reference_url https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
13
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41915
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41915
15
reference_url https://security.netapp.com/advisory/ntap-20230113-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230113-0004
16
reference_url https://security.netapp.com/advisory/ntap-20230113-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230113-0004/
17
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
reference_id 1027180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
19
reference_url https://github.com/advisories/GHSA-hh82-3pmq-7frp
reference_id GHSA-hh82-3pmq-7frp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh82-3pmq-7frp
20
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-6%3Fdistro=trixie
3
url pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie
5
url pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie
aliases CVE-2022-41915, GHSA-hh82-3pmq-7frp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7b8-8zcj-uqey
2
url VCID-qruf-r6dc-3ugj
vulnerability_id VCID-qruf-r6dc-3ugj
summary 
HAProxyMessageDecoder Stack Exhaustion DoS
### Impact
A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.

### Patches
Users should upgrade to 4.1.86.Final.

### Workarounds
There is no workaround, except using a custom HaProxyMessageDecoder.

### References
When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.
The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.
Providing a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.
The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.


### For more information
If you have any questions or comments about this advisory:
* Open an issue in [netty](https://github.com/netty/netty)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33795
published_at 2026-04-21T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33827
published_at 2026-04-18T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.3384
published_at 2026-04-16T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33802
published_at 2026-04-13T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33826
published_at 2026-04-12T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.33868
published_at 2026-04-11T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.3387
published_at 2026-04-09T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33838
published_at 2026-04-08T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33796
published_at 2026-04-07T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33942
published_at 2026-04-04T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33911
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
12
reference_url https://security.netapp.com/advisory/ntap-20230113-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230113-0004
13
reference_url https://security.netapp.com/advisory/ntap-20230113-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230113-0004/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
reference_id 1027180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
reference_id 2153379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
17
reference_url https://github.com/advisories/GHSA-fx2c-96vj-985v
reference_id GHSA-fx2c-96vj-985v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx2c-96vj-985v
18
reference_url https://access.redhat.com/errata/RHSA-2023:0577
reference_id RHSA-2023:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0577
19
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
20
reference_url https://access.redhat.com/errata/RHSA-2023:0758
reference_id RHSA-2023:0758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0758
21
reference_url https://access.redhat.com/errata/RHSA-2023:0888
reference_id RHSA-2023:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0888
22
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
23
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
24
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
25
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
26
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
27
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
28
reference_url https://access.redhat.com/errata/RHSA-2023:3373
reference_id RHSA-2023:3373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3373
29
reference_url https://access.redhat.com/errata/RHSA-2023:3374
reference_id RHSA-2023:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3374
30
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
31
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
32
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
33
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-6%3Fdistro=trixie
3
url pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie
5
url pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie
aliases CVE-2022-41881, GHSA-fx2c-96vj-985v
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qruf-r6dc-3ugj
3
url VCID-swu5-a9h5-ffex
vulnerability_id VCID-swu5-a9h5-ffex
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
This CVE has been marked as a False Positive and has been removed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59579
published_at 2026-04-21T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59596
published_at 2026-04-18T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59589
published_at 2026-04-16T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59556
published_at 2026-04-13T12:55:00Z
4
value 0.00381
scoring_system epss
scoring_elements 0.59575
published_at 2026-04-12T12:55:00Z
5
value 0.00381
scoring_system epss
scoring_elements 0.59592
published_at 2026-04-11T12:55:00Z
6
value 0.00381
scoring_system epss
scoring_elements 0.59573
published_at 2026-04-09T12:55:00Z
7
value 0.00381
scoring_system epss
scoring_elements 0.59509
published_at 2026-04-07T12:55:00Z
8
value 0.00381
scoring_system epss
scoring_elements 0.59541
published_at 2026-04-04T12:55:00Z
9
value 0.00381
scoring_system epss
scoring_elements 0.59515
published_at 2026-04-02T12:55:00Z
10
value 0.00381
scoring_system epss
scoring_elements 0.59561
published_at 2026-04-08T12:55:00Z
11
value 0.00381
scoring_system epss
scoring_elements 0.59443
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
10
reference_url https://github.com/netty/netty/pull/11891
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/pull/11891
11
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
12
reference_url https://security.netapp.com/advisory/ntap-20220107-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220107-0003
13
reference_url https://security.netapp.com/advisory/ntap-20220107-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220107-0003/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
reference_id 1001437
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
reference_id 2031958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
reference_id CVE-2021-43797
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
20
reference_url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
21
reference_url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
22
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
23
reference_url https://access.redhat.com/errata/RHSA-2022:1345
reference_id RHSA-2022:1345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1345
24
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
25
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
26
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
27
reference_url https://access.redhat.com/errata/RHSA-2022:4623
reference_id RHSA-2022:4623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4623
28
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
29
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
30
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
33
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
34
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
39
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
40
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
41
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
42
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-6%3Fdistro=trixie
3
url pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie
5
url pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie
aliases CVE-2021-43797, GHSA-wx5j-54mm-rqqq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swu5-a9h5-ffex
4
url VCID-xyc4-63ra-mfh2
vulnerability_id VCID-xyc4-63ra-mfh2
summary 
Uncontrolled Resource Consumption
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37136.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37136
reference_id
reference_type
scores
0
value 0.01187
scoring_system epss
scoring_elements 0.78824
published_at 2026-04-21T12:55:00Z
1
value 0.01187
scoring_system epss
scoring_elements 0.78826
published_at 2026-04-18T12:55:00Z
2
value 0.01187
scoring_system epss
scoring_elements 0.78829
published_at 2026-04-16T12:55:00Z
3
value 0.01187
scoring_system epss
scoring_elements 0.78801
published_at 2026-04-13T12:55:00Z
4
value 0.01187
scoring_system epss
scoring_elements 0.7881
published_at 2026-04-12T12:55:00Z
5
value 0.01187
scoring_system epss
scoring_elements 0.78827
published_at 2026-04-11T12:55:00Z
6
value 0.01187
scoring_system epss
scoring_elements 0.78804
published_at 2026-04-09T12:55:00Z
7
value 0.01187
scoring_system epss
scoring_elements 0.78796
published_at 2026-04-08T12:55:00Z
8
value 0.01187
scoring_system epss
scoring_elements 0.78771
published_at 2026-04-07T12:55:00Z
9
value 0.01187
scoring_system epss
scoring_elements 0.78788
published_at 2026-04-04T12:55:00Z
10
value 0.01187
scoring_system epss
scoring_elements 0.78757
published_at 2026-04-02T12:55:00Z
11
value 0.01187
scoring_system epss
scoring_elements 0.7875
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L294
10
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L305
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L305
11
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L80
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L80
12
reference_url https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020
13
reference_url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
20
reference_url https://security.netapp.com/advisory/ntap-20220210-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0012
21
reference_url https://security.netapp.com/advisory/ntap-20220210-0012/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0012/
22
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
reference_id 1014769
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2004133
reference_id 2004133
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2004133
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37136
reference_id CVE-2021-37136
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37136
29
reference_url https://github.com/advisories/GHSA-grg4-wf29-r9vv
reference_id GHSA-grg4-wf29-r9vv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grg4-wf29-r9vv
30
reference_url https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
reference_id GHSA-grg4-wf29-r9vv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
31
reference_url https://access.redhat.com/errata/RHSA-2021:3959
reference_id RHSA-2021:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3959
32
reference_url https://access.redhat.com/errata/RHSA-2021:4851
reference_id RHSA-2021:4851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4851
33
reference_url https://access.redhat.com/errata/RHSA-2021:5127
reference_id RHSA-2021:5127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5127
34
reference_url https://access.redhat.com/errata/RHSA-2021:5128
reference_id RHSA-2021:5128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5128
35
reference_url https://access.redhat.com/errata/RHSA-2021:5129
reference_id RHSA-2021:5129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5129
36
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
37
reference_url https://access.redhat.com/errata/RHSA-2022:0138
reference_id RHSA-2022:0138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0138
38
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
39
reference_url https://access.redhat.com/errata/RHSA-2022:0589
reference_id RHSA-2022:0589
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0589
40
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
41
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
42
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
43
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
44
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
45
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
46
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
47
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
48
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
49
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
50
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
51
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
52
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-6%3Fdistro=trixie
3
url pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie
5
url pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-16?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie
aliases CVE-2021-37136, GHSA-grg4-wf29-r9vv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xyc4-63ra-mfh2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u1%3Fdistro=trixie