Description
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
Remediation
References
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E
https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
https://security.netapp.com/advisory/ntap-20220210-0012/
https://www.debian.org/security/2023/dsa-5316
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Related Vulnerabilities
CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2017-16120 Vulnerability in npm package liyujing
CVE-2020-36641 Vulnerability in maven package fr.turri:axmlrpc
CVE-2018-1000665 Vulnerability in maven package org.webjars.bower:dojo
CVE-2021-37304 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base