rpm package
suse/netty-tcnative&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41915 | — | < 2.0.59-150200.3.10.1 | 2.0.59-150200.3.10.1 | Dec 13, 2022 | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values | ||
| CVE-2022-41881 | — | < 2.0.59-150200.3.10.1 | 2.0.59-150200.3.10.1 | Dec 12, 2022 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor | ||
| CVE-2022-24823 | — | < 2.0.59-150200.3.10.1 | 2.0.59-150200.3.10.1 | May 6, 2022 | Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur |
- CVE-2022-41915Dec 13, 2022affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values
- CVE-2022-41881Dec 12, 2022affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor
- CVE-2022-24823May 6, 2022affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur