The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: JFROG
Published: 2021-10-19T00:00:00
Updated: 2024-08-04T01:16:02.944Z
Reserved: 2021-07-20T00:00:00
Link: CVE-2021-37136
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-19T15:15:07.697
Modified: 2024-11-21T06:14:42.867
Link: CVE-2021-37136
Redhat