漏洞信息详情
Netty WebSocket08FrameDecoder 资源管理错误漏洞
- CNNVD编号:CNNVD-201405-062
- 危害等级: 中危
- CVE编号: CVE-2014-0193
- 漏洞类型: 资源管理错误
- 发布时间: 2014-05-08
- 威胁类型: 远程
- 更新时间: 2021-04-20
- 厂 商: netty_project
- 漏洞来源:
漏洞简介
Netty是Netty项目社区的一个提供了异步的、事件驱动的Java网络应用程序框架和工具,它用以快速开发高性能、高可靠性的网络服务器和客户端程序。
Netty中的WebSocket08FrameDecoder类中存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务(内存耗尽)。以下版本受到影响:Netty 3.6.9之前的3.6.x版本,3.7.0版本,3.8.2之前的3.8.x版本,3.9.1之前的3.9.x版本,4.0.19之前的4.0.x版本。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://netty.io/news/2014/04/30/release-day.HTML
参考网址
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2014-1021.HTML
来源:BID
链接:https://www.securityfocus.com/bid/67182
来源:SECUNIA
链接:http://secunia.com/advisories/59290
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-0675.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/58280
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2014-1019.HTML
来源:CONFIRM
链接:https://github.com/netty/netty/issues/2441
来源:BID
链接:http://www.securityfocus.com/bid/67182
来源:CONFIRM
链接:http://netty.io/news/2014/04/30/release-day.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2014-1351.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-0720.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2014-1020.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-0765.HTML
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2020/02/msg00018.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0583/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
受影响实体
- Netty_project Netty:4.0.18
- Netty_project Netty:4.0.15
- Netty_project Netty:4.0.16
- Netty_project Netty:4.0.17
- Netty_project Netty:4.0.14
补丁
- netty-netty-3.7.1.Final
- netty-netty-3.9.1.Final
- netty-netty-3.6.9.Final
- netty-netty-3.8.2.Final
- netty-netty-4.0.19.Final
评论