CVE-2020-11612 (GCVE-0-2020-11612)
Vulnerability from cvelistv5 – Published: 2020-04-07 18:00 – Updated: 2024-08-04 11:35
VLAI?
Summary
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
45 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/issues/6168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/9924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/issues/6168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/pull/9924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[druid-commits] 20200408 [GitHub] [druid] ccaominh opened a new pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9651: Upgrade netty 4 to fix CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh opened a new pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] ccaominh commented on issue #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [GitHub] [druid] jon-wei merged pull request #9654: [Backport] Upgrade netty 4 to fix CVE-2020-11612 (#9651)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200409 [druid] branch 0.18.0 updated: Upgrade netty 4 to fix CVE-2020-11612 (#9651) (#9654)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Updated] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200413 [jira] [Created] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200413 [GitHub] [zookeeper] phunt opened a new pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200413 [jira] [Assigned] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] eolivelli commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200414 [GitHub] [zookeeper] phunt commented on issue #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200415 [jira] [Resolved] (ZOOKEEPER-3794) upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch release-3.6.1 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 [GitHub] [zookeeper] eolivelli closed pull request #1319: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200415 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-master-maven-jdk12 #465",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200415 Build failed in Jenkins: zookeeper-branch36-java8 #137",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200416 [GitHub] [pulsar] massakam opened a new pull request #6746: [build] Bump netty version to 4.1.48.Final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven #784",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-jdk12 #490",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3794: upgrade netty to address CVE-2020-11612 - fixed file rename typo",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://github.com/netty/netty/issues/6168",
"refsource": "MISC",
"url": "https://github.com/netty/netty/issues/6168"
},
{
"name": "https://github.com/netty/netty/pull/9924",
"refsource": "MISC",
"url": "https://github.com/netty/netty/pull/9924"
},
{
"name": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final",
"refsource": "MISC",
"url": "https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final"
},
{
"name": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201223-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201223-0001/"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11612",
"datePublished": "2020-04-07T18:00:34.000Z",
"dateReserved": "2020-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:35:13.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11612",
"date": "2026-05-22",
"epss": "0.04327",
"percentile": "0.89023"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndExcluding\": \"4.1.46\", \"matchCriteriaId\": \"5D244264-A923-47AA-AAED-35C184E7E984\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06594847-96ED-4541-B2F4-C7331B603603\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CEE0833-F063-431F-AAA6-FFAAF9FEE7FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A67AA54B-258D-4D09-9ACB-4085E0B3E585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20.3\", \"matchCriteriaId\": \"D04565AE-D092-4AE0-8FEE-0E8114662A1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.5\", \"matchCriteriaId\": \"3728A81F-E9BA-4357-8652-701D380FD88F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A502118-5B2B-47AE-82EC-1999BD841103\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.\"}, {\"lang\": \"es\", \"value\": \"El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignaci\\u00f3n de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podr\\u00eda enviar una secuencia de bytes de ZlibEncoded grande hacia el servidor de Netty, forzando al servidor a asignar toda su memoria liberada a un \\u00fanico decodificador.\"}]",
"id": "CVE-2020-11612",
"lastModified": "2024-11-21T04:58:14.617",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-04-07T18:15:13.697",
"references": "[{\"url\": \"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/issues/6168\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/pull/9924\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20201223-0001/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4885\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/issues/6168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/pull/9924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20201223-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11612\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-07T18:15:13.697\",\"lastModified\":\"2024-11-21T04:58:14.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.\"},{\"lang\":\"es\",\"value\":\"El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignaci\u00f3n de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podr\u00eda enviar una secuencia de bytes de ZlibEncoded grande hacia el servidor de Netty, forzando al servidor a asignar toda su memoria liberada a un \u00fanico decodificador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.46\",\"matchCriteriaId\":\"5D244264-A923-47AA-AAED-35C184E7E984\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06594847-96ED-4541-B2F4-C7331B603603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CEE0833-F063-431F-AAA6-FFAAF9FEE7FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67AA54B-258D-4D09-9ACB-4085E0B3E585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.3\",\"matchCriteriaId\":\"D04565AE-D092-4AE0-8FEE-0E8114662A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.5\",\"matchCriteriaId\":\"3728A81F-E9BA-4357-8652-701D380FD88F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/issues/6168\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/9924\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/issues/6168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/9924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…