Lucene search

K
ubuntuUbuntuUSN-4600-2
HistoryOct 27, 2020 - 12:00 a.m.

Netty vulnerabilities

2020-10-2700:00:00
ubuntu.com
71
netty vulnerabilities
cve fixes
unbounded memory allocation
http request smuggling
ubuntu 18.04 esm

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.022

Percentile

89.7%

Releases

  • Ubuntu 18.04 ESM

Packages

  • netty - None

Details

USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.

Also it was discovered that Netty allow for unbounded memory allocation. A
remote attacker could send a large stream to the Netty server causing it to
crash (denial of service). (CVE-2020-11612)

Original advisory details:

It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could used it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibnetty-java< 1:4.1.7-4ubuntu0.1UNKNOWN

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.022

Percentile

89.7%