{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T19:03:26.597444500Z","vulnerabilities":[{"cve":{"id":"CVE-2021-37137","sourceIdentifier":"reefs@jfrog.com","published":"2021-10-19T15:15:07.757","lastModified":"2024-11-21T06:14:43.073","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk."},{"lang":"es","value":"La función Snappy frame decoder no restringe la longitud de los trozos, lo que puede conllevar a un uso excesivo de memoria. Además, también puede almacenar en el búfer trozos omitibles reservados hasta que se reciba el trozo completo, lo que también puede conllevar a un uso excesivo de memoria. Esta vulnerabilidad puede desencadenarse al suministrar una entrada maliciosa que se descomprime a un tamaño muy grande (por medio de un flujo de red o un archivo) o mediante el envío de un trozo omitido enorme"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"reefs@jfrog.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.68","matchCriteriaId":"FF41DE29-2A17-4085-9F00-811E461E36EC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*","versionStartIncluding":"18.1","versionEndIncluding":"18.3","matchCriteriaId":"6DF2D056-3118-4C31-BEDD-69F016898CBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*","matchCriteriaId":"CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*","matchCriteriaId":"86F03B63-F922-45CD-A7D1-326DB0042875"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*","matchCriteriaId":"7CBFC93F-8B39-45A2-981C-59B187169BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*","matchCriteriaId":"0843465C-F940-4FFC-998D-9A2668B75EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*","matchCriteriaId":"BBE7BF09-B89C-4590-821E-6C0587E096B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*","matchCriteriaId":"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*","matchCriteriaId":"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*","matchCriteriaId":"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*","matchCriteriaId":"18127694-109C-4E7E-AE79-0BA351849291"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*","matchCriteriaId":"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*","matchCriteriaId":"0D6895A6-511A-4DC6-9F9B-58E05B86BDB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*","matchCriteriaId":"2A3622F5-5976-4BBC-A147-FC8A6431EA79"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"12.0.0.4.6","matchCriteriaId":"6894D860-000E-439D-8AB7-07E9B2ACC31B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"FD66C717-85E0-40E7-A51F-549C8196D557"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"B6B6FE82-7BFA-481D-99D6-789B146CA18B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.5.0.2","matchCriteriaId":"590ADE5F-0D0F-4576-8BA6-828758823442"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","matchCriteriaId":"7E1E416B-920B-49A0-9523-382898C2979D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D6A4F71A-4269-40FC-8F61-1D1301F2B728"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2.4","matchCriteriaId":"6677F86F-5933-460E-B978-23A4C1407CB0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363","source":"reefs@jfrog.com","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E","source":"reefs@jfrog.com"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html","source":"reefs@jfrog.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220210-0012/","source":"reefs@jfrog.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5316","source":"reefs@jfrog.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"reefs@jfrog.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"reefs@jfrog.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"reefs@jfrog.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220210-0012/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5316","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}