Search CVE reports
1 – 8 of 8 results
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of...
2 affected packages
netty-3.9, netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty-3.9 | Not in release | Not in release | Not in release | Needs evaluation |
| netty | Ignored | Ignored | Ignored | Ignored |
Some fixes available 8 of 12
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
| netty-3.9 | — | Not in release | Not in release | Needs evaluation |
Some fixes available 8 of 13
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Fixed | Fixed | Fixed | Fixed |
| netty-3.9 | — | Not in release | Not in release | Needs evaluation |
Some fixes available 2 of 5
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Needs evaluation |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected |
Some fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 3 of 7
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed |
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...
3 affected packages
netty, netty3.1, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected |
| netty3.1 | Not in release | Not in release | Not in release | Not in release |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected |