Denial of Service Vulnerability in Netty by Red Hat
CVE-2014-0193

Currently unrated

Key Information:

Vendor: Netty
Status: Netty
Vendor: CVE Published:; 6 May 2014

Summary

The WebSocket08FrameDecoder component of Netty versions prior to 3.6.9, 3.7.1, 3.8.2, 3.9.1, and 4.0.19 contains a vulnerability that allows remote attackers to exploit a crafted TextWebSocketFrame followed by a prolonged series of ContinuationWebSocketFrames. This results in excessive memory consumption, potentially leading to service outages and degradation of application performance, impacting the overall availability of affected services.

References

http://www.securityfocus.com/bid/67182

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-0765.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/59290

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 6, 2014
Vulnerability Reserved
Dec 3, 2013