CVE-2020-11612
published 2020-04-07CVE-2020-11612: The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | netty | < netty 1:4.1.48-1 (bookworm) | netty 1:4.1.48-1 (bookworm) |
| fedoraproject | fedora | — | — |
| netty | netty | >= 0 < 1:4.1.48-1 | 1:4.1.48-1 |
| netty | netty | >= 0 < 1:4.1.48-1 | 1:4.1.48-1 |
| netty | netty | >= 0 < 1:4.1.48-1 | 1:4.1.48-1 |
| netty | netty | >= 0 < 1:4.1.48-1 | 1:4.1.48-1 |
| netty | netty | >= 0 < 1:4.1.7-4ubuntu0.1 | 1:4.1.7-4ubuntu0.1 |
| netty | netty | >= 0 < 1:4.1.48-4+deb11u1build0.22.04.1 | 1:4.1.48-4+deb11u1build0.22.04.1 |
| netty | netty | >= 0 < 1:4.0.34-1ubuntu0.1~esm1 | 1:4.0.34-1ubuntu0.1~esm1 |
| netty | netty | >= 0 < 1:4.1.7-4ubuntu0.1+esm2 | 1:4.1.7-4ubuntu0.1+esm2 |
| netty | netty | >= 0 < 1:4.1.45-1ubuntu0.1~esm1 | 1:4.1.45-1ubuntu0.1~esm1 |
| netty | netty | >= 4.1 < 4.1.46 | 4.1.46 |
| oracle | communications_brm_elastic_charging_engine | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| oracle | communications_design_studio | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | nosql_database | < 20.3 | 20.3 |
| oracle | siebel_core_server_framework | < 21.5 | 21.5 |
| oracle | webcenter_portal | — | — |
| oracle | webcenter_portal | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH