CVE-2021-37137

2021-10-1915:15:07

Debian Security Bug Tracker

security-tracker.debian.org

snappy frame decoder

excessive memory usage

vulnerability

malicious input

network stream

skippable chunks

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

84.3%

JSON

The Snappy frame decoder function doesn’t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

OSVersionArchitecturePackageVersionFilename
Debian12allnetty< 1:4.1.48-6netty_1:4.1.48-6_all.deb
Debian11allnetty< 1:4.1.48-4+deb11u1netty_1:4.1.48-4+deb11u1_all.deb
Debian999allnetty< 1:4.1.48-6netty_1:4.1.48-6_all.deb
Debian13allnetty< 1:4.1.48-6netty_1:4.1.48-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	netty	< 1:4.1.48-6	netty_1:4.1.48-6_all.deb
Debian	11	all	netty	< 1:4.1.48-4+deb11u1	netty_1:4.1.48-4+deb11u1_all.deb
Debian	999	all	netty	< 1:4.1.48-6	netty_1:4.1.48-6_all.deb
Debian	13	all	netty	< 1:4.1.48-6	netty_1:4.1.48-6_all.deb