GHSA-7vpq-g998-qpv7

Source

https://github.com/advisories/GHSA-7vpq-g998-qpv7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7vpq-g998-qpv7/GHSA-7vpq-g998-qpv7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7vpq-g998-qpv7

Aliases

CVE-2014-0193

Published

2022-05-13T01:54:02Z

Modified

2024-12-08T05:28:34.511125Z

Summary

Netty denial of service vulnerability

Details

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Database specific

{
    "nvd_published_at": "2014-05-06T14:55:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-07T20:25:36Z"
}

References

Affected packages

Maven / io.netty:netty

Package

Name: io.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.6.0.Beta1

Fixed

3.6.9.Final

Affected versions

3.*

3.6.0.Beta1

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.6.4.Final

3.6.5.Final

3.6.6.Final

3.6.7.Final

3.6.8.Final

Maven / io.netty:netty

Package

Name: io.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.7.0.Final

Fixed

3.7.1.Final

Affected versions

3.*

3.7.0.Final

Maven / io.netty:netty

Package

Name: io.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.8.0.Final

Fixed

3.8.2.Final

Affected versions

3.*

3.8.0.Final

3.8.1.Final

Maven / io.netty:netty

Package

Name: io.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.9.0.Final

Fixed

3.9.1.Final

Affected versions

3.*

3.9.0.Final

Maven / io.netty:netty

Package

Name: io.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0.Alpha1

Fixed

4.0.19.Final

Affected versions

4.*

4.0.0.Alpha1

4.0.0.Alpha2

4.0.0.Alpha3

4.0.0.Alpha4

4.0.0.Alpha5

4.0.0.Alpha6

4.0.0.Alpha7

4.0.0.Alpha8

Maven / io.netty:netty-all

Package

Name: io.netty:netty-all; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0.Alpha1

Fixed

4.0.19.Final

Affected versions

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.CR1

4.0.0.CR2

4.0.0.CR3

4.0.0.CR4

4.0.0.CR5

4.0.0.CR6

4.0.0.CR7

4.0.0.CR8

4.0.0.CR9

4.0.0.Final

4.0.1.Final

4.0.2.Final

4.0.3.Final

4.0.4.Final

4.0.5.Final

4.0.6.Final

4.0.7.Final

4.0.8.Final

4.0.9.Final

4.0.10.Final

4.0.11.Final

4.0.12.Final

4.0.13.Final

4.0.14.Beta1

4.0.14.Final

4.0.15.Final

4.0.16.Final

4.0.17.Final

4.0.18.Final