CVE-2020-11612 - Vulnerability Details

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01846.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Netapp	Oncommand Api Services Oncommand Insight Oncommand Workflow Automation
Netty	Netty
Oracle	Communications Brm - Elastic Charging Engine Communications Cloud Native Core Service Communication Proxy Communications Design Studio Communications Messaging Server Nosql Database Siebel Core - Server Framework Webcenter Portal
Redhat	A Mq Clients Amq Broker Amq Online Amq Streams Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Cd Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Jboss Fuse Jboss Single Sign On Openshift Application Runtimes Satellite

Configuration 1 [-]

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:netapp:oncommand_api_services:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.5.2:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.2:::::::*
	cpe:2.3:a:oracle:nosql_database::::::::
	cpe:2.3:a:oracle:siebel_core_-_server_framework::::::::
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

Package	CPE	Advisory	Released Date
AMQ Clients 2.y for RHEL 6
qpid-cpp-0:1.36.0-30.el6_10amq	cpe:/a:redhat:a_mq_clients:2::el6	RHSA-2020:2605	2020-06-17T00:00:00Z
qpid-proton-0:0.31.0-3.el6_10	cpe:/a:redhat:a_mq_clients:2::el6	RHSA-2020:2605	2020-06-17T00:00:00Z
AMQ Clients 2.y for RHEL 7
qpid-cpp-0:1.36.0-30.el7amq	cpe:/a:redhat:a_mq_clients:2::el7	RHSA-2020:2605	2020-06-17T00:00:00Z
qpid-proton-0:0.31.0-3.el7	cpe:/a:redhat:a_mq_clients:2::el7	RHSA-2020:2605	2020-06-17T00:00:00Z
rubygem-qpid_proton-0:0.31.0-2.el7	cpe:/a:redhat:a_mq_clients:2::el7	RHSA-2020:2605	2020-06-17T00:00:00Z
AMQ Clients 2.y for RHEL 8
nodejs-rhea-0:1.0.21-1.el8	cpe:/a:redhat:a_mq_clients:2::el8	RHSA-2020:2605	2020-06-17T00:00:00Z
qpid-cpp-0:1.39.0-5.el8amq	cpe:/a:redhat:a_mq_clients:2::el8	RHSA-2020:2605	2020-06-17T00:00:00Z
qpid-proton-0:0.31.0-3.el8	cpe:/a:redhat:a_mq_clients:2::el8	RHSA-2020:2605	2020-06-17T00:00:00Z
rubygem-qpid_proton-0:0.31.0-2.el8	cpe:/a:redhat:a_mq_clients:2::el8	RHSA-2020:2605	2020-06-17T00:00:00Z
EAP-CD 20 Tech Preview
netty	cpe:/a:redhat:jboss_enterprise_application_platform_cd:20	RHSA-2020:3585	2020-08-31T00:00:00Z
Red Hat AMQ
netty	cpe:/a:redhat:amq_broker:7	RHSA-2020:2751	2020-06-25T00:00:00Z
netty	cpe:/a:redhat:amq_broker:7	RHSA-2020:3133	2020-07-23T00:00:00Z
Red Hat AMQ Online 1.4.1 GA
netty	cpe:/a:redhat:amq_online:1.4	RHSA-2020:1538	2020-04-22T00:00:00Z
Red Hat AMQ Streams 1.5.0
netty	cpe:/a:redhat:amq_streams:1	RHSA-2020:2618	2020-06-19T00:00:00Z
Red Hat build of Quarkus 1.7.5
netty	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:4252	2020-10-14T00:00:00Z
Red Hat Data Grid
netty	cpe:/a:redhat:jboss_data_grid:8	RHSA-2020:3626	2020-09-03T00:00:00Z
Red Hat Data Grid 7.3.7
netty	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:3779	2020-09-17T00:00:00Z
Red Hat Decision Manager 7
netty	cpe:/a:redhat:jboss_enterprise_brms_platform:7.8	RHSA-2020:3196	2020-07-29T00:00:00Z
Red Hat Fuse 7.8.0
netty	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:5568	2020-12-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
	cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0	RHSA-2020:3464	2020-08-17T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:3461	2020-08-17T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:3462	2020-08-17T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:3463	2020-08-17T00:00:00Z
Red Hat Process Automation 7
netty	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8	RHSA-2020:3197	2020-07-29T00:00:00Z
Red Hat Satellite 6.9 for RHEL 7
candlepin-0:3.1.26-1.el7sat	cpe:/a:redhat:satellite:6.9::el7	RHSA-2021:1313	2021-04-21T00:00:00Z
Red Hat Single Sign-On 7.4.2
netty	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:3501	2020-08-18T00:00:00Z
Text-Only RHOAR
netty	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:1422	2020-04-30T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2364-1	netty security update
Debian DSA	DSA-4885-1	netty security update
EUVD	EUVD-2020-0500	The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
Github GHSA	GHSA-mm9x-g8pc-w292	Denial of Service in Netty
Ubuntu USN	USN-4600-2	Netty vulnerabilities
Ubuntu USN	USN-6049-1	Netty vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final
https://github.com/netty/netty/issues/6168
https://github.com/netty/netty/pull/9924
https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
https://nvd.nist.gov/vuln/detail/CVE-2020-11612
https://security.netapp.com/advisory/ntap-20201223-0001/
https://www.cve.org/CVERecord?id=CVE-2020-11612
https://www.debian.org/security/2021/dsa-4885
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-07T18:00:34

Updated: 2024-08-04T11:35:13.236Z

Reserved: 2020-04-07T00:00:00

Link: CVE-2020-11612

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-07T18:15:13.697

Modified: 2024-11-21T04:58:14.617

Link: CVE-2020-11612

Redhat

Severity : Moderate

Publid Date: 2020-01-31T00:00:00Z

Links: CVE-2020-11612 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object