CVE-2021-37136

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-37136
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37136.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-37136
Aliases
Downstream
Related
Published
2021-10-19T15:15:07.697Z
Modified
2026-02-21T10:38:24.329661Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

References

Affected packages

Git / gitlab.com/muttmua/mutt

Affected ranges

Type
GIT
Repo
https://gitlab.com/muttmua/mutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c3baa83e36596980c1898f9e15ec2ebea5644660

Affected versions

Other
mutt-0-92-10i
mutt-0-92-11i
mutt-0-92-9i
mutt-0-93-unstable
mutt-0-94-10i-rel
mutt-0-94-13-rel
mutt-0-94-14-rel
mutt-0-94-15-rel
mutt-0-94-16i-rel
mutt-0-94-17i-rel
mutt-0-94-18-rel
mutt-0-94-5i-rel
mutt-0-94-6i-rel
mutt-0-94-7i-rel
mutt-0-94-8i-rel
mutt-0-94-9i-p1
mutt-0-94-9i-rel
mutt-0-95-rel
mutt-0-96-1-rel
mutt-0-96-2-slightly-post-release
mutt-0-96-3-rel
mutt-0-96-4-rel
mutt-0-96-5-rel
mutt-0-96-6-rel
mutt-0-96-7-rel
mutt-0-96-8-rel
mutt-0-96-rel
mutt-1-1-1-1-rel
mutt-1-1-1-2-rel
mutt-1-1-1-rel
mutt-1-1-10-rel
mutt-1-1-11-rel
mutt-1-1-12-rel
mutt-1-1-13-rel
mutt-1-1-14-rel
mutt-1-1-2-rel
mutt-1-1-3-rel
mutt-1-1-4-rel
mutt-1-1-5-rel
mutt-1-1-6-rel
mutt-1-1-7-rel
mutt-1-1-8-rel
mutt-1-1-9-rel
mutt-1-1-rel
mutt-1-10-1-rel
mutt-1-10-rel
mutt-1-11-1-rel
mutt-1-11-2-rel
mutt-1-11-3-rel
mutt-1-11-4-rel
mutt-1-11-rel
mutt-1-12-1-rel
mutt-1-12-2-rel
mutt-1-12-rel
mutt-1-13-1-rel
mutt-1-13-2-rel
mutt-1-13-3-rel
mutt-1-13-4-rel
mutt-1-13-5-rel
mutt-1-13-rel
mutt-1-14-1-rel
mutt-1-14-2-rel
mutt-1-14-3-rel
mutt-1-14-4-rel
mutt-1-14-5-rel
mutt-1-14-6-rel
mutt-1-14-7-rel
mutt-1-14-rel
mutt-1-3-1-rel
mutt-1-3-10-rel
mutt-1-3-11-rel
mutt-1-3-12-rel
mutt-1-3-13-rel
mutt-1-3-14-rel
mutt-1-3-15-rel
mutt-1-3-16-rel
mutt-1-3-17-rel
mutt-1-3-18-rel
mutt-1-3-19-rel
mutt-1-3-2-rel
mutt-1-3-20-rel
mutt-1-3-21-rel
mutt-1-3-22-1-rel
mutt-1-3-22-rel
mutt-1-3-23-1-rel
mutt-1-3-23-2-rel
mutt-1-3-23-rel
mutt-1-3-24-rel
mutt-1-3-25-rel
mutt-1-3-26-rel
mutt-1-3-27-rel
mutt-1-3-3-rel
mutt-1-3-4-rel
mutt-1-3-5-rel
mutt-1-3-6-rel
mutt-1-3-7-rel
mutt-1-3-8-rel
mutt-1-3-9-rel
mutt-1-3-rel
mutt-1-5-1-rel
mutt-1-5-10-rel
mutt-1-5-11-rel
mutt-1-5-12-rel
mutt-1-5-13-rel
mutt-1-5-14-rel
mutt-1-5-15-rel
mutt-1-5-16-rel
mutt-1-5-17-rel
mutt-1-5-18-rel
mutt-1-5-19-rel
mutt-1-5-2-rel
mutt-1-5-20-rel
mutt-1-5-21-rel
mutt-1-5-22-rel
mutt-1-5-23-rel
mutt-1-5-24-rel
mutt-1-5-3-rel
mutt-1-5-4-rel
mutt-1-5-5-1-rel
mutt-1-5-5-rel
mutt-1-5-6-rel
mutt-1-5-7-rel
mutt-1-5-8-rel
mutt-1-5-9-rel
mutt-1-6-1-rel
mutt-1-6-2-rel
mutt-1-6-rel
mutt-1-7-1-rel
mutt-1-7-2-rel
mutt-1-7-rel
mutt-1-8-1-rel
mutt-1-8-2-rel
mutt-1-8-3-rel
mutt-1-8-rel
mutt-1-9-1-rel
mutt-1-9-2-rel
mutt-1-9-3-rel
mutt-1-9-4-rel
mutt-1-9-5-rel
mutt-1-9-rel
mutt-2-0-1-rel
mutt-2-0-2-rel
mutt-2-0-3-rel
mutt-2-0-4-rel
mutt-2-0-5-rel
mutt-2-0-6-rel
mutt-2-0-7-rel
mutt-2-0-rel
mutt-2-1-1-rel
mutt-2-1-2-rel
mutt-2-1-3-rel
mutt-2-1-4-rel
mutt-2-1-5-rel
mutt-2-1-rel
mutt-2-2-1-rel
mutt-2-2-2-rel
mutt-2-2-3-rel
mutt-2-2-rel
post-type-punning-patch
pre-type-punning-patch

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37136.json"