Back to search
CVE-2020-11612
Published: Apr 7, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612
mailing-list
x_refsource_MLIST
[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612
mailing-list
x_refsource_MLIST
[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update
mailing-list
x_refsource_MLIST
[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink
mailing-list
x_refsource_MLIST
[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink
mailing-list
x_refsource_MLIST
FEDORA-2020-66b5f85ccc
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://github.com/netty/netty/issues/6168
x_refsource_MISC
https://github.com/netty/netty/pull/9924
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201223-0001/
x_refsource_CONFIRM
DSA-4885
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now