Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
History

Wed, 13 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Netty
Netty netty
CPEs cpe:2.3:a:netty:netty:-:*:*:*:*:*:*:*
Vendors & Products Netty
Netty netty
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 12 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
Description Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Title Denial of Service attack on windows app using Netty
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-12T15:50:08.334Z

Updated: 2024-11-13T20:44:41.743Z

Reserved: 2024-09-25T21:46:10.929Z

Link: CVE-2024-47535

cve-icon Vulnrichment

Updated: 2024-11-13T20:44:36.110Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-12T16:15:22.237

Modified: 2024-11-13T17:01:58.603

Link: CVE-2024-47535

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-12T15:50:08Z

Links: CVE-2024-47535 - Bugzilla