Search CVE reports
21 – 30 of 36 results
Some fixes available 9 of 15
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Some fixes available 10 of 15
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11612. Reason: This candidate is a reservation duplicate of CVE-2020-11612. Notes: All CVE users should reference CVE-2020-11612 instead of this candidate....
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | — | — | — | Not affected |
Some fixes available 3 of 5
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Fixed | Fixed |
Some fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 2 of 5
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Needs evaluation |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected |
Some fixes available 3 of 7
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 1 of 18
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be...
2 affected packages
netty, trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 16 of 66
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, nginx, trafficserver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |