netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths

Summary Tornado interprets -, +, and in chunk length and Content-Length values, which are not allowed by the HTTP RFCs. This can result in request smuggling when Tornado is deployed behind certain proxies that interpret those non-standard characters differently. This is known to apply to older...

PT-2023-33054 · Haproxy +1 · Haproxy +1

Name of the Vulnerable Software and Affected Versions: Tornado versions prior to the version that includes the fix for this issue Description: The issue arises from Tornado's interpretation of non-standard characters in chunk length and Content-Length values, which can lead to request smuggling...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

SUSE CVE-2017-12652

libpng before 1.6.32 does not properly check the length of chunks against the user limit...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

DEBIAN-CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...