Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240514-04
HistoryMay 14, 2024 - 12:00 a.m.

ROS-20240514-04

2024-05-1400:00:00
redos.red-soft.ru
9
netty
vulnerability
interpretation conflict
uncontrolled recursion
snihandler
disclosure
modification
denial of service
resource consumption
remote attackers

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.6%

JSON

A vulnerability in the Netty networking software is associated with the occurrence of an interpretation conflict.
Exploitation of the vulnerability could allow an attacker acting remotely to disclose and modify
protected information

A vulnerability in the Netty networking software is related to uncontrolled recursion. Exploitation
exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

HttpPostRequestDecoder class vulnerability in Netty networking software is related to unrestricted resource allocation.
resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely,
cause a denial of service

Vulnerability in the SniHandler component of the Netty networking software is related to uncontrolled resource consumption.
resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a
denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64netty<= 4.1.108-1UNKNOWN

Related

ibm 65
openvas 7
cvelist 4
ubuntucve 4
nessus 29
osv 13
nvd 4
veracode 4
debiancve 4
redhatcve 3
cgr 4
cve 4
github 4
wolfi 4
debian 3
prion 3
rosalinux 1
redhat 38
ubuntu 1
ibm
ibm
Security Bulletin: Vulnerability in Netty affects IBM Process Mining . CVE-2022-41881
2023-05-05 14:17:39
Security Bulletin: Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915)
2023-03-02 15:29:07
Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Asset Management application (CVE-2023-44487, CVE-2022-41881, CVE-2022-41915, CVE-2021-42550, CVE-2023-34462, CVE-2023-6481 and CVE-2023-6378)
2024-02-29 13:30:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2096-1)
2023-05-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1079-1)
2024-05-07 00:00:00
Debian: Security Advisory (DSA-5316-1)
2023-01-12 00:00:00
cvelist
cvelist
CVE-2024-29025 Netty HttpPostRequestDecoder can OOM
2024-03-25 20:09:35
CVE-2022-41881
2022-12-12 00:00:00
CVE-2022-41915
2022-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2024-29025
2024-03-25 00:00:00
CVE-2022-41915
2022-12-13 00:00:00
CVE-2022-41881
2022-12-12 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-1)
2023-05-11 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-2)
2023-06-22 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2024:1079-1)
2024-04-03 00:00:00
osv
osv
Netty's HttpPostRequestDecoder can OOM
2024-03-25 19:40:50
CVE-2024-29025
2024-03-25 20:15:08
CGA-mgv4-g226-vxr2
2024-06-19 07:37:01
nvd
nvd
CVE-2024-29025
2024-03-25 20:15:08
CVE-2022-41915
2022-12-13 07:15:13
CVE-2022-41881
2022-12-12 18:15:12
veracode
veracode
Denial Of Service (DoS)
2024-03-28 03:09:13
HTTP Response Splitting
2022-12-13 02:14:59
Denial Of Service (DoS)
2022-12-13 01:15:13
debiancve
debiancve
CVE-2024-29025
2024-03-25 20:15:08
CVE-2022-41881
2022-12-12 18:15:12
CVE-2023-34462
2023-06-22 23:15:09
redhatcve
redhatcve
CVE-2024-29025
2024-04-03 12:18:09
CVE-2023-34462
2023-07-19 21:30:25
CVE-2022-41881
2022-12-14 14:05:02
cgr
cgr
CVE-2024-29025 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41881 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41915 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-29025
2024-03-25 20:15:08
CVE-2022-41915
2022-12-13 07:15:13
CVE-2022-41881
2022-12-12 18:15:12
github
github
Netty's HttpPostRequestDecoder can OOM
2024-03-25 19:40:50
HAProxyMessageDecoder Stack Exhaustion DoS
2022-12-12 21:24:29
netty-handler SniHandler 16MB allocation
2023-06-20 16:33:22
wolfi
wolfi
CVE-2024-29025 vulnerabilities
2024-06-24 09:08:26
CVE-2022-41915 vulnerabilities
2024-05-29 03:07:31
CVE-2022-41881 vulnerabilities
2024-05-29 03:07:31
debian
debian
[SECURITY] [DSA 5316-1] netty security update
2023-01-11 22:38:12
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DSA 5558-1] netty security update
2023-11-18 16:33:00
prion
prion
Heap overflow
2023-06-22 23:15:00
Design/Logic Flaw
2022-12-12 18:15:00
Input validation
2022-12-13 07:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
redhat
redhat
(RHSA-2024:2705) Moderate: Red Hat build of Quarkus 3.2.12 release and security update
2024-05-09 11:54:42
(RHSA-2024:2106) Moderate: Red Hat build of Quarkus 3.8.4 release
2024-05-07 16:19:27
(RHSA-2023:0888) Moderate: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update
2023-02-21 15:39:59
ubuntu
ubuntu
Netty vulnerabilities
2023-04-28 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.6%

JSON
Related for ROS-20240514-04
ibm65openvas7cvelist4ubuntucve4nessus29osv13nvd4veracode4debiancve4redhatcve3cgr4cve4github4wolfi4debian3prion3rosalinux1redhat38ubuntu1