Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 25 results


CVE-2021-21295

Medium priority

Some fixes available 5 of 13

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final...

1 affected packages

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Needs evaluation Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-21290

Medium priority

Some fixes available 6 of 13

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on...

1 affected packages

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Needs evaluation Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-11612

Medium priority

Some fixes available 3 of 5

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server...

1 affected packages

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-20445

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Not affected Not affected Not affected Fixed Vulnerable
netty-3.9 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2019-20444

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Not affected Not affected Not affected Fixed Vulnerable
netty-3.9 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2020-7238

Medium priority

Some fixes available 2 of 5

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Not affected Not affected Not affected Needs evaluation Needs evaluation
netty-3.9 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2019-16869

Medium priority

Some fixes available 3 of 7

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Not affected Not affected Not affected Vulnerable Vulnerable
netty-3.9 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2019-9518

Medium priority

Some fixes available 1 of 24

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be...

2 affected packages

netty, trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
trafficserver Needs evaluation Needs evaluation Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2019-9515

Medium priority

Some fixes available 14 of 64

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, netty, nginx...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Vulnerable Not in release
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
nginx Not affected Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable Needs evaluation
twisted Fixed Fixed Fixed Fixed Not affected
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 14 of 81

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.7 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Needs evaluation Not in release
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Ignored Ignored
trafficserver Not affected Not affected Not affected Vulnerable Needs evaluation
twisted Fixed Fixed Fixed Fixed Not affected
Show all 16 packages Show less packages