rpm package
suse/netty&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47535 | — | < 4.1.115-150200.4.26.1 | 4.1.115-150200.4.26.1 | Nov 12, 2024 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application | ||
| CVE-2024-29025 | — | < 4.1.108-150200.4.23.1 | 4.1.108-150200.4.23.1 | Mar 25, 2024 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 4.1.100-150200.4.20.1 | 4.1.100-150200.4.20.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-34462 | — | < 4.1.94-150200.4.17.1 | 4.1.94-150200.4.17.1 | Jun 22, 2023 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does | ||
| CVE-2022-41915 | — | < 4.1.90-150200.4.14.1 | 4.1.90-150200.4.14.1 | Dec 13, 2022 | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values | ||
| CVE-2022-41881 | — | < 4.1.90-150200.4.14.1 | 4.1.90-150200.4.14.1 | Dec 12, 2022 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor | ||
| CVE-2022-24823 | — | < 4.1.90-150200.4.14.1 | 4.1.90-150200.4.14.1 | May 6, 2022 | Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur |
- CVE-2024-47535Nov 12, 2024affected < 4.1.115-150200.4.26.1fixed 4.1.115-150200.4.26.1
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application
- CVE-2024-29025Mar 25, 2024affected < 4.1.108-150200.4.23.1fixed 4.1.108-150200.4.23.1
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t
- affected < 4.1.100-150200.4.20.1fixed 4.1.100-150200.4.20.1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-34462Jun 22, 2023affected < 4.1.94-150200.4.17.1fixed 4.1.94-150200.4.17.1
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does
- CVE-2022-41915Dec 13, 2022affected < 4.1.90-150200.4.14.1fixed 4.1.90-150200.4.14.1
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values
- CVE-2022-41881Dec 12, 2022affected < 4.1.90-150200.4.14.1fixed 4.1.90-150200.4.14.1
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor
- CVE-2022-24823May 6, 2022affected < 4.1.90-150200.4.14.1fixed 4.1.90-150200.4.14.1
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur