Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.netty/netty-common@4.1.4.Final
Typemaven
Namespaceio.netty
Namenetty-common
Version4.1.4.Final
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.118.Final
Latest_non_vulnerable_version4.1.118.Final
Affected_by_vulnerabilities
0
url VCID-5vth-uvb8-kke2
vulnerability_id VCID-5vth-uvb8-kke2
summary 
Denial of Service attack on windows app using Netty
### Summary
An unsafe reading of environment file could potentially cause a denial of service in Netty.
When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.

### Details
A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.


### PoC
The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.
When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character.

### Impact
Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25193.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25193
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26453
published_at 2026-04-18T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26482
published_at 2026-04-16T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26476
published_at 2026-04-13T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26534
published_at 2026-04-12T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.2658
published_at 2026-04-11T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26524
published_at 2026-04-08T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26573
published_at 2026-04-09T12:55:00Z
7
value 0.00098
scoring_system epss
scoring_elements 0.27191
published_at 2026-04-04T12:55:00Z
8
value 0.00098
scoring_system epss
scoring_elements 0.26984
published_at 2026-04-07T12:55:00Z
9
value 0.00098
scoring_system epss
scoring_elements 0.27155
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25193
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
4
reference_url https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:22:08Z/
url https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
5
reference_url https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:22:08Z/
url https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25193
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25193
7
reference_url https://security.netapp.com/advisory/ntap-20250221-0006
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250221-0006
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2344788
reference_id 2344788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2344788
9
reference_url https://github.com/advisories/GHSA-389x-839f-4rhx
reference_id GHSA-389x-839f-4rhx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-389x-839f-4rhx
fixed_packages
0
url pkg:maven/io.netty/netty-common@4.1.118.Final
purl pkg:maven/io.netty/netty-common@4.1.118.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-common@4.1.118.Final
aliases CVE-2025-25193, GHSA-389x-839f-4rhx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vth-uvb8-kke2
1
url VCID-e92u-331h-bkcb
vulnerability_id VCID-e92u-331h-bkcb
summary This advisory has been marked as False Positive and moved to `netty-codec-http`, `netty-handler` and `netty-common`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21290
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07232
published_at 2026-04-18T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07236
published_at 2026-04-16T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07306
published_at 2026-04-13T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07316
published_at 2026-04-12T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07329
published_at 2026-04-11T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.0733
published_at 2026-04-09T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07303
published_at 2026-04-08T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07248
published_at 2026-04-07T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07271
published_at 2026-04-04T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07226
published_at 2026-04-02T12:55:00Z
10
value 0.00026
scoring_system epss
scoring_elements 0.07106
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21290
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
11
reference_url https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
12
reference_url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
13
reference_url https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E
43
reference_url https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html
44
reference_url https://security.netapp.com/advisory/ntap-20220210-0011
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0011
45
reference_url https://security.netapp.com/advisory/ntap-20220210-0011/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0011/
46
reference_url https://www.debian.org/security/2021/dsa-4885
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4885
47
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
48
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
49
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
50
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
51
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1927028
reference_id 1927028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1927028
52
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580
reference_id 982580
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580
53
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21290
reference_id CVE-2021-21290
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21290
54
reference_url https://github.com/advisories/GHSA-5mcr-gq6c-3hq2
reference_id GHSA-5mcr-gq6c-3hq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mcr-gq6c-3hq2
55
reference_url https://access.redhat.com/errata/RHSA-2021:0943
reference_id RHSA-2021:0943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0943
56
reference_url https://access.redhat.com/errata/RHSA-2021:0986
reference_id RHSA-2021:0986
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0986
57
reference_url https://access.redhat.com/errata/RHSA-2021:1511
reference_id RHSA-2021:1511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1511
58
reference_url https://access.redhat.com/errata/RHSA-2021:2046
reference_id RHSA-2021:2046
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2046
59
reference_url https://access.redhat.com/errata/RHSA-2021:2047
reference_id RHSA-2021:2047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2047
60
reference_url https://access.redhat.com/errata/RHSA-2021:2048
reference_id RHSA-2021:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2048
61
reference_url https://access.redhat.com/errata/RHSA-2021:2051
reference_id RHSA-2021:2051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2051
62
reference_url https://access.redhat.com/errata/RHSA-2021:2070
reference_id RHSA-2021:2070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2070
63
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
64
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
65
reference_url https://access.redhat.com/errata/RHSA-2021:2689
reference_id RHSA-2021:2689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2689
66
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
67
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
68
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
69
reference_url https://access.redhat.com/errata/RHSA-2021:3880
reference_id RHSA-2021:3880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3880
70
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
71
reference_url https://access.redhat.com/errata/RHSA-2022:0190
reference_id RHSA-2022:0190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0190
72
reference_url https://access.redhat.com/errata/RHSA-2022:1108
reference_id RHSA-2022:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1108
73
reference_url https://access.redhat.com/errata/RHSA-2022:1110
reference_id RHSA-2022:1110
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1110
74
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
75
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:maven/io.netty/netty-common@4.1.59.Final
purl pkg:maven/io.netty/netty-common@4.1.59.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vth-uvb8-kke2
1
vulnerability VCID-h4rg-c4rj-6kdj
2
vulnerability VCID-tp3n-7ac7-aqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-common@4.1.59.Final
aliases CVE-2021-21290, GHSA-5mcr-gq6c-3hq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e92u-331h-bkcb
2
url VCID-h4rg-c4rj-6kdj
vulnerability_id VCID-h4rg-c4rj-6kdj
summary This advisory has been marked as False Positive and moved to `netty-common`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24823.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24823.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24823
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60828
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60822
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60779
published_at 2026-04-13T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60798
published_at 2026-04-12T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.60812
published_at 2026-04-11T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60791
published_at 2026-04-09T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60775
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60726
published_at 2026-04-07T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60761
published_at 2026-04-04T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60732
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24823
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
5
reference_url https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:48:11Z/
url https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1
6
reference_url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:48:11Z/
url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
7
reference_url https://security.netapp.com/advisory/ntap-20220616-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220616-0004
8
reference_url https://security.netapp.com/advisory/ntap-20220616-0004/
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:48:11Z/
url https://security.netapp.com/advisory/ntap-20220616-0004/
9
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:48:11Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010693
reference_id 1010693
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010693
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087186
reference_id 2087186
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087186
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24823
reference_id CVE-2022-24823
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24823
13
reference_url https://github.com/advisories/GHSA-269q-hmxg-m83q
reference_id GHSA-269q-hmxg-m83q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-269q-hmxg-m83q
14
reference_url https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q
reference_id GHSA-269q-hmxg-m83q
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:48:11Z/
url https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q
15
reference_url https://access.redhat.com/errata/RHSA-2022:5892
reference_id RHSA-2022:5892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5892
16
reference_url https://access.redhat.com/errata/RHSA-2022:5893
reference_id RHSA-2022:5893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5893
17
reference_url https://access.redhat.com/errata/RHSA-2022:5894
reference_id RHSA-2022:5894
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5894
18
reference_url https://access.redhat.com/errata/RHSA-2022:5928
reference_id RHSA-2022:5928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5928
19
reference_url https://access.redhat.com/errata/RHSA-2022:6819
reference_id RHSA-2022:6819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6819
20
reference_url https://access.redhat.com/errata/RHSA-2022:6916
reference_id RHSA-2022:6916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6916
21
reference_url https://access.redhat.com/errata/RHSA-2022:8524
reference_id RHSA-2022:8524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8524
22
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
23
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
24
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
25
reference_url https://usn.ubuntu.com/7284-1/
reference_id USN-7284-1
reference_type
scores
url https://usn.ubuntu.com/7284-1/
fixed_packages
0
url pkg:maven/io.netty/netty-common@4.1.77.Final
purl pkg:maven/io.netty/netty-common@4.1.77.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vth-uvb8-kke2
1
vulnerability VCID-tp3n-7ac7-aqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-common@4.1.77.Final
aliases CVE-2022-24823, GHSA-269q-hmxg-m83q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4rg-c4rj-6kdj
3
url VCID-tp3n-7ac7-aqg8
vulnerability_id VCID-tp3n-7ac7-aqg8
summary 
Denial of Service attack on windows app using netty
### Summary

An unsafe reading of environment file could potentially cause a denial of service in Netty.
When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.


### Details

When the library netty is loaded in a java windows application, the library tries to identify the system environnement in which it is executed.

At this stage, Netty tries to load both `/etc/os-release` and `/usr/lib/os-release` even though it is in a Windows environment. 

<img width="364" alt="1" src="https://github.com/user-attachments/assets/9466b181-9394-45a3-b0e3-1dcf105def59">

If netty finds this files, it reads them and loads them into memory.

By default :

- The JVM maximum memory size is set to 1 GB,
- A non-privileged user can create a directory at `C:\` and create files within it.

<img width="340" alt="2" src="https://github.com/user-attachments/assets/43b359a2-5871-4592-ae2b-ffc40ac76831">

<img width="523" alt="3" src="https://github.com/user-attachments/assets/ad5c6eed-451c-4513-92d5-ba0eee7715c1">

the source code identified :
https://github.com/netty/netty/blob/4.1/common/src/main/java/io/netty/util/internal/PlatformDependent.java

Despite the implementation of the function `normalizeOs()` the source code not verify the OS before reading `C:\etc\os-release` and `C:\usr\lib\os-release`.

### PoC

Create a file larger than 1 GB of data in `C:\etc\os-release` or `C:\usr\lib\os-release` on a Windows environnement and start your Netty application.

To observe what the application does with the file, the security analyst used "Process Monitor" from the "Windows SysInternals" suite. (https://learn.microsoft.com/en-us/sysinternals/)

```
cd C:\etc
fsutil file createnew os-release 3000000000
```

<img width="519" alt="4" src="https://github.com/user-attachments/assets/39df22a3-462b-4fd0-af9a-aa30077ec08f">

<img width="517" alt="5" src="https://github.com/user-attachments/assets/129dbd50-fc36-4da5-8eb1-582123fb528f">

The source code used is the Netty website code example : [Echo ‐ the very basic client and server](https://netty.io/4.1/xref/io/netty/example/echo/package-summary.html).

The vulnerability was tested on the 4.1.112.Final version.

The security analyst tried the same technique for `C:\proc\sys\net\core\somaxconn` with a lot of values to impact Netty but the only things that works is the "larger than 1 GB file" technique. https://github.com/netty/netty/blob/c0fdb8e9f8f256990e902fcfffbbe10754d0f3dd/common/src/main/java/io/netty/util/NetUtil.java#L186

### Impact

By loading the "file larger than 1 GB" into the memory, the Netty library exceeds the JVM memory limit and causes a crash in the java Windows application.

This behaviour occurs 100% of the time in both Server mode and Client mode if the large file exists.

Client mode :

<img width="449" alt="6" src="https://github.com/user-attachments/assets/f8fe1ed0-1a42-4490-b9ed-dbc9af7804be">

Server mode :

<img width="464" alt="7" src="https://github.com/user-attachments/assets/b34b42bd-4fbd-4170-b93a-d29ba87b88eb">

somaxconn :

<img width="532" alt="8" src="https://github.com/user-attachments/assets/0656b3bb-32c6-4ae2-bff7-d93babba08a3">

### Severity

- Attack vector : "Local" because the attacker needs to be on the system where the Netty application is running.
- Attack complexity : "Low" because the attacker only need to create a massive file (regardless of its contents).
- Privileges required : "Low" because the attacker requires a user account to exploit the vulnerability.
- User intercation : "None" because the administrator don't need to accidentally click anywhere to trigger the vulnerability. Furthermore, the exploitation works with defaults windows/AD settings.
- Scope : "Unchanged" because only Netty is affected by the vulnerability.
- Confidentiality : "None" because no data is exposed through exploiting the vulnerability.
- Integrity : "None" because the explotation of the vulnerability does not allow editing, deleting or adding data elsewhere.
- Availability : "High" because the exploitation of this vulnerability crashes the entire java application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47535.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47535.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47535
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64495
published_at 2026-04-18T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.64483
published_at 2026-04-16T12:55:00Z
2
value 0.00467
scoring_system epss
scoring_elements 0.64448
published_at 2026-04-13T12:55:00Z
3
value 0.00467
scoring_system epss
scoring_elements 0.64409
published_at 2026-04-07T12:55:00Z
4
value 0.00467
scoring_system epss
scoring_elements 0.64477
published_at 2026-04-12T12:55:00Z
5
value 0.00467
scoring_system epss
scoring_elements 0.64489
published_at 2026-04-11T12:55:00Z
6
value 0.00467
scoring_system epss
scoring_elements 0.6445
published_at 2026-04-04T12:55:00Z
7
value 0.00467
scoring_system epss
scoring_elements 0.6442
published_at 2026-04-02T12:55:00Z
8
value 0.00467
scoring_system epss
scoring_elements 0.64457
published_at 2026-04-08T12:55:00Z
9
value 0.00467
scoring_system epss
scoring_elements 0.64473
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47535
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
4
reference_url https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T20:43:58Z/
url https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3
5
reference_url https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T20:43:58Z/
url https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47535
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47535
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2325538
reference_id 2325538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2325538
8
reference_url https://github.com/advisories/GHSA-xq3w-v528-46rv
reference_id GHSA-xq3w-v528-46rv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq3w-v528-46rv
fixed_packages
0
url pkg:maven/io.netty/netty-common@4.1.115.Final
purl pkg:maven/io.netty/netty-common@4.1.115.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vth-uvb8-kke2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-common@4.1.115.Final
aliases CVE-2024-47535, GHSA-xq3w-v528-46rv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tp3n-7ac7-aqg8
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-common@4.1.4.Final