198 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-29025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...
Linux Distros Unpatched Vulnerability : CVE-2023-34462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...
GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
GHSA-4HVC-QWR2-F8RV Redisson vulnerable to Deserialization of Untrusted Data
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...
XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
DEBIAN-CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
UBUNTU-CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
OESA-2023-1905 netty security update
Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...
OESA-2023-1906 netty security update
Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...
The vulnerability of the frame decoding function in the Netty network programming framework allows a hacker to trigger a service failure.
The vulnerability of the frame decoding function in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Netty network programming framework lies in its improper handling of control characters, which allows attackers to compromise the integrity of the protected information.
The vulnerability of the Netty network programming framework is related to incorrect processing of control characters. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...
The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates, which allow attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Remote code execution
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-42809
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...
The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework allows a hacker to cause a service failure.
The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the SniHandler component in the Netty network programming framework, which allows a hacker to trigger a service failure.
The vulnerability of the SniHandler component in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-34462 netty-handler SniHandler 16MB allocation
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...