CVE-2021-37136 – netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
https://notcve.org/view.php?id=CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack La función Bzip2 decompression decoder no permite establecer restricciones de tamaño en los datos de salida descomprimidos (lo que afecta al tamaño de asignación usado durante la descompresión). Todos los usuarios de Bzip2Decoder están afectados. La entrada maliciosa puede desencadenar un OOME y así un ataque de DoS A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. • https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E ht • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-0679
https://notcve.org/view.php?id=CVE-2016-0679
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a usuarios remotos autenticados afectar a la integridad y disponibilidad a través de vectores relacionados con PIA Grids. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035610 •
CVE-2011-3520
https://notcve.org/view.php?id=CVE-2011-3520
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect integrity via unknown vectors related to Personalization. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products v8.49, v8.50, y v8.51 permite a usuarios autenticados de forma remota afectar a la integridad a través de vectores desconocidos relacionado con Personalization. • http://osvdb.org/76522 http://secunia.com/advisories/46515 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50247 https://exchange.xforce.ibmcloud.com/vulnerabilities/70796 •
CVE-2011-2315
https://notcve.org/view.php?id=CVE-2011-2315
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products v8.49, v8.50, y v8.51 permite a usuarios autenticados remotamente afectar a la confidencialidad e integridad a través de vectores desconocidos relacionado con Seguridad. • http://secunia.com/advisories/46515 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50263 •
CVE-2011-0840
https://notcve.org/view.php?id=CVE-2011-0840
Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.49 GA through 8.49.30 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing. Vulnerabilidad sin especificar en Oracle PeopleSoft Enterprise PeopleTools 8.49 GA hasta la 8.49.30 permite a usuarios autenticados remotos vulnerar la confidencialidad a través de vectores desconocidos relacionados con el el procesamiento de archivos. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •