CVE-2014-0193

Опубликовано: 01 мая 2014

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat JBoss BRMS 5	netty	Will not fix
Red Hat JBoss Data Grid 6	netty	Not affected
Red Hat JBoss Enterprise Application Platform 5	netty	Will not fix
Red Hat JBoss Enterprise Web Server 1	eds-5	Will not fix
Red Hat JBoss Enterprise Web Server 1	ewp-5	Will not fix
Red Hat JBoss Enterprise Web Server 1	fuse-6	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-esb-7.1	Affected
Red Hat JBoss Operations Network 3	netty	Affected
Red Hat JBoss Portal 5	netty	Will not fix
Red Hat JBoss SOA Platform 5	netty	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1092783netty: DoS via memory exhaustion during data aggregation

EPSS

Процентиль: 90%

0.05055

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-0193

ubuntu

почти 12 лет назад

CVE-2014-0193

nvd

почти 12 лет назад

CVE-2014-0193

debian

почти 12 лет назад

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...

GHSA-7vpq-g998-qpv7

github

больше 3 лет назад

Netty denial of service vulnerability

EPSS

Процентиль: 90%

0.05055

Низкий

4.3 Medium

CVSS2