The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| netty | netty | 4.1 - 4.1.46 | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
15
Affected Products
90
References
netty / netty
| - |
| fedoraproject | fedora | - | - |
| netapp | oncommand_api_services | - | - |
| netapp | oncommand_insight | - | - |
| netapp | oncommand_workflow_automation | - | - |
| oracle | communications_brm_-_elastic_charging_engine | - | - |
| oracle | communications_cloud_native_core_service_communication_proxy | - | - |
| oracle | communications_design_studio | - | - |
| oracle | nosql_database | 20.3 | - |
| oracle | siebel_core_-_server_framework | 21.5 | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_portal | - | - |
| oracle | communications_messaging_server | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability
Impact