Vulnerability Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netty | Netty | < 4.1.115 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3Patch
- https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rvExploitVendor Advisory
FAQ
What is CVE-2024-47535?
CVE-2024-47535 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could poten...
How severe is CVE-2024-47535?
CVE-2024-47535 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-47535?
Check the references section above for vendor advisories and patch information. Affected products include: Netty Netty, Microsoft Windows.