VulnerableCode Package Details - pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-8p4t-8f51-h3dc Aliases: CVE-2021-37137 GHSA-9vjp-v76f-g363	Uncontrolled Resource Consumption The Snappy frame decoder function does not restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.	There are no reported fixed by versions.
VCID-swu5-a9h5-ffex Aliases: CVE-2021-43797 GHSA-wx5j-54mm-rqqq	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') This CVE has been marked as a False Positive and has been removed.	There are no reported fixed by versions.
VCID-xyc4-63ra-mfh2 Aliases: CVE-2021-37136 GHSA-grg4-wf29-r9vv	Uncontrolled Resource Consumption The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-8p4t-8f51-h3dc
Aliases:
CVE-2021-37137
GHSA-9vjp-v76f-g363

Uncontrolled Resource Consumption The Snappy frame decoder function does not restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

There are no reported fixed by versions.

VCID-swu5-a9h5-ffex
Aliases:
CVE-2021-43797
GHSA-wx5j-54mm-rqqq

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') This CVE has been marked as a False Positive and has been removed.

There are no reported fixed by versions.

VCID-xyc4-63ra-mfh2
Aliases:
CVE-2021-37136
GHSA-grg4-wf29-r9vv

Uncontrolled Resource Consumption The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:01:26.946987+00:00	RedHat Importer	Affected by	VCID-8p4t-8f51-h3dc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37137.json	38.0.0
2026-04-01T14:01:25.781850+00:00	RedHat Importer	Affected by	VCID-xyc4-63ra-mfh2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37136.json	38.0.0
2026-04-01T14:00:55.123957+00:00	RedHat Importer	Affected by	VCID-swu5-a9h5-ffex	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json	38.0.0