VulnerableCode Package Details - pkg:maven/io.netty/netty-codec@4.1.68.Final

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-tdp2-ve8k-zbds	The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack	CVE-2021-37136 GHSA-grg4-wf29-r9vv
VCID-yyyg-3z5x-vuay	The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.	CVE-2021-37137 GHSA-9vjp-v76f-g363

Vulnerability

Summary

Aliases

VCID-tdp2-ve8k-zbds

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

CVE-2021-37136
GHSA-grg4-wf29-r9vv

VCID-yyyg-3z5x-vuay

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

CVE-2021-37137
GHSA-9vjp-v76f-g363

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T18:05:48.483504+00:00	GitLab Importer	Fixing	VCID-yyyg-3z5x-vuay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37137.yml	37.0.0
2025-07-03T18:05:46.670542+00:00	GitLab Importer	Fixing	VCID-tdp2-ve8k-zbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37136.yml	37.0.0
2025-07-03T16:52:24.774288+00:00	GHSA Importer	Fixing	VCID-yyyg-3z5x-vuay	https://github.com/advisories/GHSA-9vjp-v76f-g363	37.0.0
2025-07-03T16:52:24.673087+00:00	GHSA Importer	Fixing	VCID-tdp2-ve8k-zbds	https://github.com/advisories/GHSA-grg4-wf29-r9vv	37.0.0
2025-07-01T12:18:06.102873+00:00	GithubOSV Importer	Fixing	VCID-tdp2-ve8k-zbds	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-grg4-wf29-r9vv/GHSA-grg4-wf29-r9vv.json	36.1.3
2025-07-01T12:18:03.166226+00:00	GithubOSV Importer	Fixing	VCID-yyyg-3z5x-vuay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-9vjp-v76f-g363/GHSA-9vjp-v76f-g363.json	36.1.3