Netty is an asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. The `HttpPostRequestDecoder` can be tricked into accumulating data. While the decoder can store items on disk if configured to do so, there is no limit on the number of fields a form can have, so an attacker can send a chunked POST consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder also accumulates bytes in the `undecodedChunk` buffer until it can decode a field, and this field can accumulate data without limit. This vulnerability is fixed in 4.1.108.Final.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Fri, 19 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Debian Debian debian Linux Netty Netty netty | |
CPEs | cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
Vendors & Products | Debian Debian debian Linux Netty Netty netty |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | epss | epss |
Wed, 25 Jun 2025 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:4.4::el6 |
Tue, 06 May 2025 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat apache Camel Spring Boot | |
CPEs | cpe:/a:redhat:apache_camel_spring_boot:4.4.1 | |
Vendors & Products | Redhat apache Camel Spring Boot |
Thu, 12 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat migration Toolkit Runtimes | |
CPEs | cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 | |
Vendors & Products | Redhat migration Toolkit Runtimes |
Fri, 16 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
Thu, 08 Aug 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat jboss Enterprise Application Platform | |
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | |
Vendors & Products | Redhat jboss Enterprise Application Platform |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-02-13T17:47:35.781Z
Reserved: 2024-03-14T16:59:47.611Z
Link: CVE-2024-29025

Updated: 2024-08-02T01:03:51.668Z

Status : Analyzed
Published: 2024-03-25T20:15:08.797
Modified: 2025-09-19T15:10:53.740
Link: CVE-2024-29025

