All errata/sisyphus/ALT-PU-2016-3291-1
ALT-PU-2016-3291-1

Package update netty in branch sisyphus

Version4.0.28-alt1_2jpp8
Task#158611
Published2016-02-11
Max severityHIGH
Severity:

Closed issues (6)

CVE-2014-0193
MEDIUM5.0

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Published: 2014-05-06Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2014-3488
MEDIUM5.0

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Published: 2014-07-31Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-2156
HIGH7.5

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Published: 2017-10-18Modified: 2025-04-20
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
GHSA-7vpq-g998-qpv7
NONE

Netty denial of service vulnerability

Published: 2022-05-13Modified: 2024-04-16
References
GHSA-9959-6p3m-wxpc
NONE

Denial of service in Netty

Published: 2020-07-01Modified: 2021-09-22
References
GHSA-xfv3-rrfm-f2rv
HIGH7.5

Information Exposure in Netty

Published: 2020-07-01Modified: 2021-09-22
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References