{"id":"SUSE-SU-2022:3760-1","summary":"Security update for netty","details":"This update for netty fixes the following issues:\n\n- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)\n- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)\n- CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610)\n- CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613)\n","modified":"2026-02-04T02:29:29.970929Z","published":"2022-10-26T08:58:36Z","related":["CVE-2020-11612","CVE-2021-21290","CVE-2021-37136","CVE-2021-37137"],"upstream":["CVE-2020-11612","CVE-2021-21290","CVE-2021-37136","CVE-2021-37137"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223760-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1168932"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190610"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-11612"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37136"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-37137"}],"affected":[{"package":{"name":"netty","ecosystem":"SUSE:Manager Server Module 4.3","purl":"pkg:rpm/suse/netty&distro=SUSE%20Manager%20Server%20Module%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.44.Final-150400.3.3.2"}]}],"ecosystem_specific":{"binaries":[{"netty":"4.1.44.Final-150400.3.3.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3760-1.json"}}],"schema_version":"1.7.3"}