CVE-2021-37136 – netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
https://notcve.org/view.php?id=CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack La función Bzip2 decompression decoder no permite establecer restricciones de tamaño en los datos de salida descomprimidos (lo que afecta al tamaño de asignación usado durante la descompresión). Todos los usuarios de Bzip2Decoder están afectados. La entrada maliciosa puede desencadenar un OOME y así un ataque de DoS A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. • https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E ht • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-5465
https://notcve.org/view.php?id=CVE-2016-5465
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con Panel Processor. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91877 http://www.securitytracker.com/id/1036404 •
CVE-2016-3483
https://notcve.org/view.php?id=CVE-2016-3483
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a atacantes remotos afectar la confidencialidad y la disponibilidad a través de vectores relacionados con File Processing. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91849 http://www.securitytracker.com/id/1036404 •
CVE-2016-3478
https://notcve.org/view.php?id=CVE-2016-3478
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con File Processing. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91846 http://www.securitytracker.com/id/1036404 •
CVE-2016-3423
https://notcve.org/view.php?id=CVE-2016-3423
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a usuarios remotos autenticados afectar a la confidencialidad e integridad a través de vectores relacionados con Rich Text Editor, una vulnerabilidad distinta a CVE-2016-0698. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035610 •