cvedb.io
CVE-2021-37137
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-10-19T15:15:07.757 · Last modified 2026-06-17T04:00:07.847

Summary

The Snappy frame decoder function does not restrict the chunk length, which may lead to excessive memory usage. In addition, it may buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very large size (via a network stream or a file) or by sending a huge skippable chunk.
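The two conditions in the summary, shown as a bounded reader for the Snappy framing format: the chunk length is checked from the 4-byte header before any body is buffered, and skippable chunks are discarded as they arrive. This is an added example, not netty's code or its patch; `BoundedFrameReader`, `FrameError`, `LIMIT` and the compressed-chunk bound are assumptions of this example, and CRC-32C verification and decompression are left out.

```python
MAX_UNCOMPRESSED = 65536  # framing format: at most 64 KiB of data per chunk
LIMIT = {0xFF: 6,                     # stream identifier body
         0x01: 4 + MAX_UNCOMPRESSED,  # CRC + raw data
         0x00: 4 + 32 + MAX_UNCOMPRESSED + MAX_UNCOMPRESSED // 6}  # assumed: CRC + Snappy worst case

class FrameError(ValueError):
    pass

def declared_length(block):
    """Decode the varint preamble of a Snappy block: its uncompressed size."""
    value = 0
    for i, byte in enumerate(block[:5]):
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value
    raise FrameError("bad length preamble")

class BoundedFrameReader:
    def __init__(self):
        self.buf = bytearray()  # pending header plus at most one bounded chunk
        self.skip = 0           # bytes of a skippable chunk still to discard

    def feed(self, data):
        """Consume stream bytes; return [(type, payload)] for whole data chunks."""
        out = []
        drop = min(self.skip, len(data))  # discard skippable bytes on arrival
        self.skip -= drop
        self.buf += data[drop:]
        while len(self.buf) >= 4:
            ctype, length = self.buf[0], int.from_bytes(self.buf[1:4], "little")
            if 0x80 <= ctype <= 0xFE:     # skippable or padding: never buffered
                self.skip = max(0, 4 + length - len(self.buf))
                del self.buf[:4 + length]
                continue
            if ctype not in LIMIT:
                raise FrameError("reserved unskippable chunk 0x%02x" % ctype)
            if length > LIMIT[ctype] or (ctype != 0xFF and length < 4):
                raise FrameError("chunk length %d out of bounds" % length)
            if len(self.buf) < 4 + length:
                break                     # wait for the rest of a bounded chunk
            body = bytes(self.buf[4:4 + length])
            del self.buf[:4 + length]
            if ctype == 0xFF and body != b"sNaPpY":
                raise FrameError("bad stream identifier")
            if ctype == 0x00 and declared_length(body[4:]) > MAX_UNCOMPRESSED:
                raise FrameError("declared size exceeds 64 KiB")
            if ctype != 0xFF:             # CRC-32C check and decompression omitted
                out.append((ctype, body[4:]))
        return out
```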

Affected products

netty — netty


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.