VYPR

rpm package

opensuse/netty&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/netty&distro=openSUSE%20Tumbleweed

Vulnerabilities (53)

  • CVE-2024-29025MedMar 25, 2024
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-34462MedJun 22, 2023
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does

  • CVE-2022-41915MedDec 13, 2022
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values

  • CVE-2022-41881MedDec 12, 2022
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor

  • CVE-2022-24823MedMay 6, 2022
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur

  • CVE-2021-43797MedDec 9, 2021
    affected < 4.1.72-1.1fixed 4.1.72-1.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It shoul

  • CVE-2021-37137HigOct 19, 2021
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be tr

  • CVE-2021-37136HigOct 19, 2021
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

  • CVE-2021-21409MedMar 30, 2021
    affected < 4.1.114-1.1fixed 4.1.114-1.1

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smug

  • CVE-2021-21295MedMar 9, 2021
    affected < 4.1.60-1.4fixed 4.1.60-1.4

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smug

  • CVE-2021-21290MedFeb 8, 2021
    affected < 4.1.60-1.4fixed 4.1.60-1.4

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file.

  • CVE-2020-11612HigApr 7, 2020
    affected < 4.1.60-1.4fixed 4.1.60-1.4

    The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Page 3 of 3