Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
{
"binaries": [
{
"binary_name": "libnetty-buffer-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
},
{
"binary_name": "libnetty-common-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
},
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}