PT-2021-7931 · Unknown+5 · Bzip2Decoder+5

Published 2021-09-09 · Updated 2026-04-01 · CVE-2021-37136

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Bzip2Decoder (affected versions not specified)

Description: The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data, which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. Malicious input can trigger an OutOfMemoryError (OOME), resulting in a Denial of Service (DoS).

Recommendations: As a temporary workaround, consider not using the Bzip2Decoder until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
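
The output size restriction that the description says is missing can be sketched as follows. This is an added example, not code from Bzip2Decoder or its project: it uses Python's standard `bz2` module, and the function name, the 64 KiB step and the limits are assumptions chosen for illustration.

```python
import bz2


class OutputLimitExceeded(Exception):
    """Decompressed size went past the caller's budget."""


def bounded_bunzip2(chunks, max_output, step=64 * 1024):
    """Decompress bzip2 `chunks` (iterable of bytes), refusing to produce
    more than `max_output` bytes. Output is requested `step` bytes at a
    time, so a tiny input cannot force one huge allocation."""
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    for chunk in chunks:
        if dec.eof:
            raise ValueError("data after end of bzip2 stream")
        data = chunk
        while True:
            # Request at most one byte beyond the remaining budget: enough
            # to detect an overrun without materialising it.
            want = min(step, max_output - len(out) + 1)
            out += dec.decompress(data, max_length=want)
            if len(out) > max_output:
                raise OutputLimitExceeded(f"output exceeds {max_output} bytes")
            if dec.eof or dec.needs_input:
                break
            data = b""  # drain output still pending for input already fed
    if not dec.eof:
        raise ValueError("truncated bzip2 stream")
    if dec.unused_data:
        raise ValueError("data after end of bzip2 stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample inputs: an ordinary message and a highly
    # compressible 8 MiB run of zero bytes.
    ordinary = bz2.compress(b"status=ok\n" * 100)
    inflated = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print(len(bounded_bunzip2([ordinary], 64 * 1024)))
    try:
        bounded_bunzip2([inflated], 1024 * 1024)
    except OutputLimitExceeded as exc:
        print(f"rejected {len(inflated)}-byte input: {exc}")
```

The limit is enforced on decompressed bytes rather than on the compressed input length, because the two are unrelated for highly compressible data.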

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-05622
CLEANSTART-2026-CI66802
CVE-2021-37136
DLA-3268-1
DSA-5316-1
GHSA-GRG4-WF29-R9VV
OESA-2021-1423
OPENSUSE-SU-2022_1271-1
OPENSUSE-SU-2024:14442-1
RHSA-2022:4918
RHSA-2022:4919
RHSA-2022:8506
RHSA-2025:9582
RHSA-2025:9583
RLSA-2022:8506
SUSE-SU-2022:1271-1
SUSE-SU-2022:3617-1
SUSE-SU-2022:3760-1
SUSE-SU-2022:3793-1
USN-6049-1

Affected Products

Astra Linux
Bzip2Decoder
Linuxmint
Rocky Linux
Suse
Ubuntu