VulnerableCode Package Details - pkg:maven/io.netty/netty-codec@4.1.46.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-tdp2-ve8k-zbds Aliases: CVE-2021-37136 GHSA-grg4-wf29-r9vv	The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack	4.1.68.Final Affected by 0 other vulnerabilities. 4.1.68 Affected by 0 other vulnerabilities.
VCID-yyyg-3z5x-vuay Aliases: CVE-2021-37137 GHSA-9vjp-v76f-g363	The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.	4.1.68.Final Affected by 0 other vulnerabilities. 4.1.68 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-tdp2-ve8k-zbds
Aliases:
CVE-2021-37136
GHSA-grg4-wf29-r9vv

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

4.1.68.Final
Affected by 0 other vulnerabilities.

4.1.68
Affected by 0 other vulnerabilities.

VCID-yyyg-3z5x-vuay
Aliases:
CVE-2021-37137
GHSA-9vjp-v76f-g363

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

4.1.68.Final
Affected by 0 other vulnerabilities.

4.1.68
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7xma-5zdf-57dd	The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.	CVE-2020-11612 GHSA-mm9x-g8pc-w292

Vulnerability

Summary

Aliases

VCID-7xma-5zdf-57dd

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

CVE-2020-11612
GHSA-mm9x-g8pc-w292

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T18:05:48.435418+00:00	GitLab Importer	Affected by	VCID-yyyg-3z5x-vuay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37137.yml	37.0.0
2025-07-03T18:05:46.613690+00:00	GitLab Importer	Affected by	VCID-tdp2-ve8k-zbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37136.yml	37.0.0
2025-07-03T17:40:26.979975+00:00	GitLab Importer	Fixing	VCID-7xma-5zdf-57dd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2020-11612.yml	37.0.0
2025-07-03T13:55:09.667465+00:00	GitLab Importer	Fixing	VCID-7xma-5zdf-57dd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2020-11612.yml	36.1.3