CVE-2022-0552

Technical details for CVE-2022-0552 are not provided in the supplied documents. Public details such as affected products, exploitability, and remediation are not present here; please monitor for updates.

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

PT-2022-13256 · Unknown · Openshift-Logging/Elasticsearch6-Rhel8 +3

Name of the Vulnerable Software and Affected Versions: origin-aggregated-logging versions 3.11 Description: A flaw was found in the original fix for the netty-codec-http issue, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete, and the vulnerable...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update

A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)

OpenShift Logging bug fix and security update 5.2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

OpenShift Logging bug fix and security update 5.1.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)

OpenShift Logging bug fix and security update 5.3.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.2.5 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.0.0 release and security update

Red Hat AMQ Streams 2.0.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: Openshift Logging security and bug update (5.2.4)

An update is now available for OpenShift Logging 5.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

africa.absa:inception-application (>=1.0.0 <=1.0.1), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4) +36037 more potentially affected by CVE-2021-43797 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.70.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves:...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.5 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

Denial Of Service(DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Snappy frame decoder function, leading to an OOME...