
CVE-2022-41881

Published: 12 Dec 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | codec-haproxy | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | io.netty-netty-parent | Affected | | |
| Migration Toolkit for Applications 6 | org.jboss.windup.plugin-windup-maven-plugin-parent | Affected | | |
| Migration Toolkit for Applications 6 | org.jboss.windup-windup-parent | Affected | | |
| Migration Toolkit for Runtimes | org.jboss.windup-windup-parent | Affected | | |
| Red Hat build of Debezium 1 | codec-haproxy | Will not fix | | |
| Red Hat build of Quarkus | codec-haproxy | Will not fix | | |
| Red Hat JBoss Data Grid 7 | codec-haproxy | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | codec-haproxy | Affected | | |


Additional information

Status: Moderate
Defect: CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2153379 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

EPSS: 0.00077 (Low), percentile: 24%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 2 years ago

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

CVSS3: 5.3
nvd
more than 2 years ago

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

CVSS3: 5.3
debian
more than 2 years ago

Netty project is an event-driven asynchronous network application fram ...

CVSS3: 5.3
github
more than 2 years ago

HAProxyMessageDecoder Stack Exhaustion DoS

CVSS3: 7.5
fstec
more than 2 years ago

A vulnerability in the Netty network software is related to uncontrolled recursion and allows an attacker to cause a denial of service
