22 matches found
Astra Linux - vulnerability in netty
Netty is an asynchronous event-driven network application framework for rapid development of maintainable, high-performance protocol servers and clients. The HttpPostRequestDecoder can be configured to accumulate data. If enabled, the decoder can store items on the disk. There are no limitations ...
EUVD-2024-0832
Malicious code in bioql PyPI...
Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)
Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...
OESA-2024-2395 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty3 (SUSE-SU-2024:2313-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2313-1 advisory. - CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields...
SUSE-SU-2024:2313-1 Security update for netty3
This update for netty3 fixes the following issues: - CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields bsc1222045...
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. Debian LTS Advisory DLA-3834-1 https://www.debian.org/lts/security/...
Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not...
SUSE CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
Denial Of Service (DoS)
io.netty:netty-codec-http is vulnerable to Denial of Service (DoS). The vulnerability is due to missing form field restrictions within the HttpPostRequestDecoder class. An attacker can send a chunked POST request with many small form fields, possibly resulting in Denial of Service (DoS)...
CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
CVE-2024-29025
Netty CVE-2024-29025 affects the HttpPostRequestDecoder: an attacker can craft a chunked POST with many small fields to cause unbounded data accumulation in bodyListHttpData and undecodedChunk, potentially exhausting resources. The issue is mitigated by upgrading Netty to 4.1.108.Final or later. ...
CVE-2024-29025 Netty HttpPostRequestDecoder can OOM
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
GHSA-5JPM-X58V-624V Netty's HttpPostRequestDecoder can OOM
Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacker can send a chunked post consistin...
Netty's HttpPostRequestDecoder can OOM
Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacker can send a chunked post consistin...