Vulnerability	Vulnerable Version
H Improper Handling of Highly Compressed Data (Data Amplification) io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the `BrotliDecoder.decompress` function, which has no limit on how often it calls `pull`, decompressing data 64K bytes at a time. An attacker can exhaust system memory and cause application downtime by submitting specially crafted compressed input that triggers excessive buffer allocations. How to fix Improper Handling of Highly Compressed Data (Data Amplification)? Upgrade `io.netty:netty-codec-http2` to version 4.1.125.Final or higher.	[,4.1.125.Final)

Improper Handling of Highly Compressed Data (Data Amplification)

io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework.

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the BrotliDecoder.decompress function, which has no limit on how often it calls pull, decompressing data 64K bytes at a time. An attacker can exhaust system memory and cause application downtime by submitting specially crafted compressed input that triggers excessive buffer allocations.

How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

Upgrade io.netty:netty-codec-http2 to version 4.1.125.Final or higher.

[,4.1.125.Final)

Go back to all versions of this package