Lucene search

K
osvGoogleOSV:USN-4600-2
HistoryOct 27, 2020 - 1:40 p.m.

netty vulnerabilities

2020-10-2713:40:49
Google
osv.dev
9
netty v3.9
cve-2019-20444
cve-2019-20445
cve-2020-11612
http request smuggling
denial of service

AI Score

9.2

Confidence

High

EPSS

0.022

Percentile

89.7%

USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.

Also it was discovered that Netty allow for unbounded memory allocation. A
remote attacker could send a large stream to the Netty server causing it to
crash (denial of service). (CVE-2020-11612)

Original advisory details:

It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could used it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)