Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NNetty
APPNetty< 4.1.1334.2.0 – 4.2.13 (bez)
Powiązane podatności
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpr...
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Con...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2...
Netty is a network application framework for development of protocol servers and clients. In netty-codec-hapro...