Search CVE reports
11 – 20 of 25 results
CVE-2021-21295
Medium prioritySome fixes available 5 of 12
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final...
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
CVE-2021-21290
Medium prioritySome fixes available 6 of 12
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on...
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
CVE-2020-11612
Medium prioritySome fixes available 3 of 5
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server...
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2019-20445
Medium prioritySome fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2019-20444
Medium prioritySome fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2020-7238
Medium prioritySome fixes available 2 of 5
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2019-16869
Medium prioritySome fixes available 3 of 7
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2019-9518
Medium prioritySome fixes available 1 of 22
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be...
2 affected packages
netty, trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| trafficserver | Needs evaluation | Needs evaluation | Not affected | Needs evaluation | Needs evaluation |
CVE-2019-9515
Medium prioritySome fixes available 13 of 60
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, netty, nginx...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9514
Medium prioritySome fixes available 13 of 77
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |