CVE-2020-11612

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11612

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11612.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11612

Aliases

GHSA-mm9x-g8pc-w292

Related

Published

2020-04-07T18:15:13Z

Modified

2024-09-18T03:06:48.524007Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

References

Affected packages

Debian:11 / netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/netty/netty

Affected ranges

Type: GIT
Repo: https://github.com/netty/netty
Events: Introduced

446b38db5220a3934064ee4e26f40d81dfa6b714

Fixed

ebe7af510228f9c6b7f1aff4725ceac85f1e9cc3

Affected versions

netty-4.*

netty-4.1.0.Final

netty-4.1.1.Final

netty-4.1.10.Final

netty-4.1.11.Final

netty-4.1.12.Final

netty-4.1.13.Final

netty-4.1.14.Final

netty-4.1.15.Final

netty-4.1.16.Final

netty-4.1.17.Final

netty-4.1.18.Final

netty-4.1.19.Final

netty-4.1.2.Final

netty-4.1.20.Final

netty-4.1.21.Final

netty-4.1.22.Final

netty-4.1.23.Final

netty-4.1.24.Final

netty-4.1.25.Final

netty-4.1.26.Final

netty-4.1.27.Final

netty-4.1.28.Final

netty-4.1.29.Final

netty-4.1.3.Final

netty-4.1.30.Final

netty-4.1.31.Final

netty-4.1.32.Final

netty-4.1.33.Final

netty-4.1.34.Final

netty-4.1.35.Final

netty-4.1.36.Final

netty-4.1.37.Final

netty-4.1.38.Final

netty-4.1.39.Final

netty-4.1.4.Final

netty-4.1.40.Final

netty-4.1.41.Final

netty-4.1.42.Final

netty-4.1.43.Final

netty-4.1.44.Final

netty-4.1.45.Final

netty-4.1.5.Final

netty-4.1.6.Final

netty-4.1.7.Final

netty-4.1.8.Final

netty-4.1.9.Final