CVE-2022-41881
5.3MEDIUMNetty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an in
Published: 12/12/2022Updated: 11/21/2024
Description
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
AI AnalysisPowered by AI
Affected Products
nettynetty
debiandebian_linux
10.0
debiandebian_linux
11.0
References
- https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985vExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20230113-0004/Third Party Advisory
- https://www.debian.org/security/2023/dsa-5316Third Party Advisory
- https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985vExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20230113-0004/Third Party Advisory
- https://www.debian.org/security/2023/dsa-5316Third Party Advisory