Search CVE reports
1 – 7 of 7 results
CVE-2022-41915
Medium prioritySome fixes available 5 of 11
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| netty-3.9 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-41881
Medium prioritySome fixes available 5 of 11
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| netty-3.9 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2019-20445
Medium prioritySome fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2019-20444
Medium prioritySome fixes available 4 of 6
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2020-7238
Medium prioritySome fixes available 2 of 5
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2019-16869
Medium prioritySome fixes available 3 of 7
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
2 affected packages
netty, netty-3.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| netty-3.9 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2015-2156
Medium priorityNetty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...
3 affected packages
netty, netty-3.9, netty3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected | Not affected |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| netty3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |