Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers & clients. An unsafe read of an environment file could potentially cause a denial of service in Netty. When loaded in a Windows application, Netty attempts to load a file that does not exist. If an attacker creates that file and makes it large, the Netty application crashes. This vulnerability is fixed in 4.1.115.
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | io.netty/netty | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | io.netty/netty | Not affected | | |
| Red Hat Build of Keycloak | io.netty/netty | Not affected | | |
| Red Hat Fuse 7 | io.netty/netty | Not affected | | |
| Red Hat Integration Camel K 1 | io.netty/netty | Not affected | | |
| Red Hat JBoss Data Grid 7 | io.netty/netty | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | io.netty/netty | Not affected | | |
| Red Hat Process Automation 7 | io.netty/netty | Not affected | | |
| Red Hat Single Sign-On 7 | io.netty/netty | Not affected | | |
| Red Hat build of Quarkus 3.15.3 | io.quarkus/quarkus-netty | Fixed | RHSA-2025:0900 | 05.02.2025 |
Additional information
Status:
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
Denial of Service attack on windows app using netty