Search CVE reports
11 – 20 of 36 results
Some fixes available 8 of 9
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 33 of 46
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
14 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Fixed | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
| dnsdist | Not affected | Fixed | Not affected | Not affected |
Some fixes available 2 of 8
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Not affected | Not affected |
Some fixes available 9 of 13
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation...
2 affected packages
netty-3.9, netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty-3.9 | — | Not in release | Not in release | Needs evaluation |
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 14
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
| netty-3.9 | — | Not in release | Not in release | Needs evaluation |
Some fixes available 6 of 13
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 14
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 14
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 13
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 15
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |