CVE-2020-11612: Buffer Overflow
First published: Fri Jan 31 2020(Updated: )
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qpid-cpp | <0:1.36.0-30.el6_10a | 0:1.36.0-30.el6_10a |
| redhat/qpid-proton | <0:0.31.0-3.el6_10 | 0:0.31.0-3.el6_10 |
| redhat/qpid-cpp | <0:1.36.0-30.el7a | 0:1.36.0-30.el7a |
| redhat/qpid-proton | <0:0.31.0-3.el7 | 0:0.31.0-3.el7 |
| redhat/nodejs-rhea | <0:1.0.21-1.el8 | 0:1.0.21-1.el8 |
| redhat/qpid-cpp | <0:1.39.0-5.el8a | 0:1.39.0-5.el8a |
| redhat/qpid-proton | <0:0.31.0-3.el8 | 0:0.31.0-3.el8 |
| redhat/eap7-netty | <0:4.1.48-1.Final_redhat_00001.1.el6ea | 0:4.1.48-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-dom4j | <0:2.1.3-1.redhat_00001.1.el7ea | 0:2.1.3-1.redhat_00001.1.el7ea |
| redhat/eap7-elytron-web | <0:1.6.2-1.Final_redhat_00001.1.el7ea | 0:1.6.2-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP11_redhat_00001.1.el7ea | 0:2.3.9-11.SP11_redhat_00001.1.el7ea |
| redhat/eap7-hal-console | <0:3.2.9-1.Final_redhat_00001.1.el7ea | 0:3.2.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.17-1.Final_redhat_00001.1.el7ea | 0:5.3.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate-validator | <0:6.0.20-1.Final_redhat_00001.1.el7ea | 0:6.0.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-infinispan | <0:9.4.19-1.Final_redhat_00001.1.el7ea | 0:9.4.19-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.4.22-1.Final_redhat_00001.1.el7ea | 0:1.4.22-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jackson-annotations | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jackson-core | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jackson-databind | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jackson-jaxrs-providers | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jackson-modules-base | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jackson-modules-java8 | <0:2.10.4-1.redhat_00001.1.el7ea | 0:2.10.4-1.redhat_00001.1.el7ea |
| redhat/eap7-jboss-genericjms | <0:2.0.6-1.Final_redhat_00001.1.el7ea | 0:2.0.6-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-logmanager | <0:2.1.15-1.Final_redhat_00001.1.el7ea | 0:2.1.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.1-7.Final_redhat_00009.1.el7ea | 0:1.7.1-7.Final_redhat_00009.1.el7ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.8-1.SP1_redhat_00001.1.el7ea | 0:3.7.8-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-netty | <0:4.1.48-1.Final_redhat_00001.1.el7ea | 0:4.1.48-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.30-4.SP4_redhat_00001.1.el7ea | 0:2.0.30-4.SP4_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.2-4.GA_redhat_00002.1.el7ea | 0:7.3.2-4.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-common | <0:1.5.2-1.Final_redhat_00002.1.el7ea | 0:1.5.2-1.Final_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.7-1.Final_redhat_00001.1.el7ea | 0:1.10.7-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-client | <0:1.0.22-1.Final_redhat_00001.1.el7ea | 0:1.0.22-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-dom4j | <0:2.1.3-1.redhat_00001.1.el8ea | 0:2.1.3-1.redhat_00001.1.el8ea |
| redhat/eap7-elytron-web | <0:1.6.2-1.Final_redhat_00001.1.el8ea | 0:1.6.2-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP11_redhat_00001.1.el8ea | 0:2.3.9-11.SP11_redhat_00001.1.el8ea |
| redhat/eap7-hal-console | <0:3.2.9-1.Final_redhat_00001.1.el8ea | 0:3.2.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.17-1.Final_redhat_00001.1.el8ea | 0:5.3.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate-validator | <0:6.0.20-1.Final_redhat_00001.1.el8ea | 0:6.0.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-infinispan | <0:9.4.19-1.Final_redhat_00001.1.el8ea | 0:9.4.19-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.4.22-1.Final_redhat_00001.1.el8ea | 0:1.4.22-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jackson-annotations | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jackson-core | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jackson-databind | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jackson-jaxrs-providers | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jackson-modules-base | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jackson-modules-java8 | <0:2.10.4-1.redhat_00001.1.el8ea | 0:2.10.4-1.redhat_00001.1.el8ea |
| redhat/eap7-jboss-genericjms | <0:2.0.6-1.Final_redhat_00001.1.el8ea | 0:2.0.6-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-logmanager | <0:2.1.15-1.Final_redhat_00001.1.el8ea | 0:2.1.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.1-7.Final_redhat_00009.1.el8ea | 0:1.7.1-7.Final_redhat_00009.1.el8ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.8-1.SP1_redhat_00001.1.el8ea | 0:3.7.8-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-netty | <0:4.1.48-1.Final_redhat_00001.1.el8ea | 0:4.1.48-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.30-4.SP4_redhat_00001.1.el8ea | 0:2.0.30-4.SP4_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.2-4.GA_redhat_00002.1.el8ea | 0:7.3.2-4.GA_redhat_00002.1.el8ea |
| redhat/eap7-wildfly-common | <0:1.5.2-1.Final_redhat_00002.1.el8ea | 0:1.5.2-1.Final_redhat_00002.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.7-1.Final_redhat_00001.1.el8ea | 0:1.10.7-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-client | <0:1.0.22-1.Final_redhat_00001.1.el8ea | 0:1.0.22-1.Final_redhat_00001.1.el8ea |
| redhat/candlepin | <0:3.1.26-1.el7 | 0:3.1.26-1.el7 |
| redhat/netty | <4.1.46. | 4.1.46. |
| debian/netty | 1:4.1.48-4+deb11u2 1:4.1.48-7+deb12u1 1:4.1.48-10 | |
| NettyRPC | >=4.1<4.1.46 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Red Hat Fedora | =33 | |
| NetApp OnCommand API Services | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Oracle Communications Billing and Revenue Management Elastic Charging Engine | =12.0.0.3 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.5.2 | |
| Oracle Communications Design Studio | =7.4.2 | |
| Oracle NoSQL Database | <20.3 | |
| Oracle Siebel Core - Server Framework | <21.5 | |
| Oracle WebCenter Portal | =12.2.1.3.0 | |
| Oracle WebCenter Portal | =12.2.1.4.0 | |
| Sun iPlanet Messaging Server | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-11612 https://nvd.nist.gov/vuln/detail/CVE-2020-11612
- https://bugzilla.redhat.com/show_bug.cgi?id=1816216
- https://access.redhat.com/errata/RHSA-2020:2605
- https://access.redhat.com/errata/RHSA-2020:2751
- https://access.redhat.com/errata/RHSA-2020:3133
- https://access.redhat.com/errata/RHSA-2020:1538
- https://access.redhat.com/errata/RHSA-2020:2618
- https://access.redhat.com/errata/RHSA-2020:3626
- https://access.redhat.com/errata/RHSA-2020:3196
- https://access.redhat.com/errata/RHSA-2020:3779
- https://access.redhat.com/errata/RHSA-2020:3464
- https://access.redhat.com/errata/RHSA-2020:3461
- https://access.redhat.com/errata/RHSA-2020:3462
- https://access.redhat.com/errata/RHSA-2020:3463
- https://access.redhat.com/errata/RHSA-2020:3585
- https://access.redhat.com/errata/RHSA-2020:5568
- https://access.redhat.com/errata/RHSA-2020:3197
- https://access.redhat.com/errata/RHSA-2021:1313
- https://access.redhat.com/errata/RHSA-2020:3501
- https://access.redhat.com/errata/RHSA-2020:1422
- https://access.redhat.com/errata/RHSA-2020:4252
- https://access.redhat.com/security/cve/cve-2020-11612
- https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final
- https://github.com/netty/netty/issues/6168
- https://github.com/netty/netty/pull/9924
- https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9@%3Ccommits.zookeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://security.netapp.com/advisory/ntap-20201223-0001/
- https://www.debian.org/security/2021/dsa-4885
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://launchpad.net/bugs/cve/CVE-2020-11612
- https://access.redhat.com/solutions/5200591
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1865894
- https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r31424427cc6d7db46beac481bdeed9a823fc20bb1b9deede38557f71%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r3ea4918d20d0c1fa26cac74cc7cda001d8990bc43473d062867ef70d%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4a7e4e23bd84ac24abf30ab5d5edf989c02b555e1eca6a2f28636692%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4f4a14d6a608db447b725ec2e96c26ac9664d83cd879aa21e2cfeb24%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5030cd8ea5df1e64cf6a7b633eff145992fbca03e8bfc687cd2427ab%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5a0b1f0b1c3bcd66f5177fbd6f6de2d0f8cae24a13ab2669f274251a%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5b1ad61552591b747cd31b3a908d5ff2e8f2a8a6847583dd6b7b1ee7%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r69b23a94d4ae45394cabae012dd1f4a963996869c44c478eb1c61082%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r866288c2ada00ce148b7307cdf869f15f24302b3eb2128af33830997%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r88e2b91560c065ed67e62adf8f401c417e4d70256d11ea447215a70c%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r9addb580456807cd11d6f0c6b6373b7d7161d06d2278866c30c7febb%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r9c30b7fca4baedebcb46d6e0f90071b30cc4a0e074164d50122ec5ec%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rd302ddb501fa02c5119120e5fc21df9a1c00e221c490edbe2d7ad365%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/re1ea144e91f03175d661b2d3e97c7d74b912e019613fa90419cf63f4%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ref2c8a0cbb3b8271e5b9a06457ba78ad2028128627186531730f50ef%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ref3943adbc3a8813aee0e3a9dd919bacbb27f626be030a3c6d6c7f83%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf803b65b4a57589d79cf2e83d8ece0539018d32864f932f63c972844%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf9f8bcc4ca8d2788f77455ff594468404732a4497baebe319043f4d5%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rfd173eac20d5e5f581c8984b685c836dafea8eb2f7ff85f617704cf1%40%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rff8859c0d06b1688344b39097f9685c43b461cf2bc41f60f001704e9%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
- https://security-tracker.debian.org/tracker/CVE-2020-11612
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
- https://nvd.nist.gov/vuln/detail/CVE-2020-11612
- https://ubuntu.com/security/CVE-2020-11612
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-11612?
CVE-2020-11612 has been assigned a severity level of moderate due to its potential to cause Out of Memory Errors.
How do I fix CVE-2020-11612?
To mitigate CVE-2020-11612, upgrade to the patched versions as specified by the Red Hat Advisory.
What products are affected by CVE-2020-11612?
CVE-2020-11612 affects several packages including qpid-cpp, qpid-proton, and netty across multiple Red Hat and Debian distributions.
What types of vulnerabilities does CVE-2020-11612 include?
CVE-2020-11612 is specifically a memory allocation vulnerability that can lead to Out of Memory Errors when processing data.
What is the impact of CVE-2020-11612?
The impact of CVE-2020-11612 could lead to denial of service conditions due to excessive memory consumption.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-11612
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/event
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/netty
- canonical/nettyrpc
- version/nettyrpc/4.1
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- vendor/netapp
- canonical/netapp oncommand api services
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- vendor/oracle
- canonical/oracle communications billing and revenue management elastic charging engine
- version/oracle communications billing and revenue management elastic charging engine/12.0.0.3
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.5.2
- canonical/oracle communications design studio
- version/oracle communications design studio/7.4.2
- canonical/oracle nosql database
- canonical/oracle siebel core - server framework
- canonical/oracle webcenter portal
- version/oracle webcenter portal/12.2.1.3.0
- version/oracle webcenter portal/12.2.1.4.0
- canonical/sun iplanet messaging server
- version/sun iplanet messaging server/8.1