CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47535 – Denial of Service attack on windows app using Netty
https://notcve.org/view.php?id=CVE-2024-47535
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. • https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3 https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-36121 – netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces
https://notcve.org/view.php?id=CVE-2024-36121
netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. netty-incubator-codec-ohttp es la implementación OHTTP para netty. BoringSSLAEADContext realiza un seguimiento de cuántas respuestas OHTTP se han enviado y utiliza este número de secuencia para calcular el nonce apropiado para usar con el algoritmo de cifrado. Desafortunadamente, se combinan dos errores separados que permitirían a un atacante provocar que el número de secuencia se desborde y, por lo tanto, que se repita el nonce. • https://github.com/netty/netty-incubator-codec-ohttp/blob/1ddadb6473cd3be5491d114431ed4c1a9f316001/codec-ohttp-hpke-classes-boringssl/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLAEADContext.java#L112-L114 https://github.com/netty/netty-incubator-codec-ohttp/security/advisories/GHSA-g762-h86w-8749 • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-323: Reusing a Nonce, Key Pair in Encryption •
CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34462 – netty-handler SniHandler 16MB allocation
https://notcve.org/view.php?id=CVE-2023-34462
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. • https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32 https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 https://security.netapp.com/advisory/ntap-20230803-0001 https://security.netapp.com/advisory/ntap-20240621-0007 https://www.debian.org/security/2023/dsa-5558 https://access.redhat.com/security/cve/CVE-2023-34462 https://bugzilla.redhat.com/show_bug.cgi?id=2216888 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41915
https://notcve.org/view.php?id=CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values. • https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4 https://github.com/netty/netty/issues/13084 https://github.com/netty/netty/pull/12760 https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html https://security.netapp.com/advisory/ntap-20230113-0004 https://www.debian.org/security/2023/dsa-5316 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •