- Vulnerability/
- USN-6994-1
5/9/2024
USN-6994-1: Netty vulnerabilities
First published: Thu Sep 05 2024(Updated: )
It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. (CVE-2023-34462) It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to consume resources, leading to a denial of service. (CVE-2023-44487)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libnetty-java | <1:4.1.48-4+deb11u2build0.22.04.1 | 1:4.1.48-4+deb11u2build0.22.04.1 |
| Ubuntu Ubuntu | =22.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-34462
- https://ubuntu.com/security/CVE-2023-44487
- https://ubuntu.com/security/notices/{'id': 'USN-6427-1', 'packages': 'dotnet-sdk-7.0, dotnet6, dotnet-targeting-pack-7.0, dotnet-sdk-7.0-source-built-artifacts, aspnetcore-runtime-7.0, dotnet-sdk-6.0, aspnetcore-targeting-pack-7.0, dotnet-templates-6.0, netstandard-targeting-pack-2.1, dotnet-hostfxr-6.0, dotnet-apphost-pack-7.0, dotnet-apphost-pack-6.0, dotnet-targeting-pack-6.0, dotnet7, aspnetcore-targeting-pack-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0-source-built-artifacts, netstandard-targeting-pack-2.1-7.0, dotnet-host-7.0, dotnet-runtime-6.0, dotnet-templates-7.0, dotnet-host, dotnet-hostfxr-7.0, aspnetcore-runtime-6.0'}
- https://ubuntu.com/security/notices/{'id': 'USN-6427-2', 'packages': 'netstandard-targeting-pack-2.1-8.0, dotnet-targeting-pack-8.0, dotnet-sdk-8.0-source-built-artifacts, dotnet-sdk-8.0, aspnetcore-runtime-8.0, dotnet-apphost-pack-8.0, dotnet8, dotnet-templates-8.0, dotnet-hostfxr-8.0, aspnetcore-targeting-pack-8.0, dotnet-host-8.0, dotnet-runtime-8.0'}
- https://ubuntu.com/security/notices/{'id': 'USN-6438-1', 'packages': 'dotnet-sdk-7.0, dotnet6, dotnet-targeting-pack-7.0, dotnet-sdk-7.0-source-built-artifacts, aspnetcore-runtime-7.0, dotnet-sdk-6.0, aspnetcore-targeting-pack-7.0, dotnet-templates-6.0, netstandard-targeting-pack-2.1, dotnet-hostfxr-6.0, dotnet-apphost-pack-7.0, dotnet-apphost-pack-6.0, dotnet-targeting-pack-6.0, dotnet7, aspnetcore-targeting-pack-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0-source-built-artifacts, netstandard-targeting-pack-2.1-7.0, dotnet-host-7.0, dotnet-runtime-6.0, dotnet-templates-7.0, dotnet-host, dotnet-hostfxr-7.0, aspnetcore-runtime-6.0'}
- https://ubuntu.com/security/notices/{'id': 'USN-6505-1', 'packages': 'libnghttp2-14, nghttp2-client, nghttp2, nghttp2-server, nghttp2-proxy, libnghttp2-dev, libnghttp2-doc'}
- https://ubuntu.com/security/notices/{'id': 'USN-6574-1', 'packages': 'golang-1.20-src, golang-1.20-go, golang-1.21-src, golang-1.21-doc, golang-1.21, golang-1.20-doc, golang-1.20, golang-1.21-go'}
- https://ubuntu.com/security/notices/{'id': 'USN-6754-1', 'packages': 'libnghttp2-14, nghttp2-client, nghttp2, nghttp2-server, nghttp2-proxy, libnghttp2-dev, libnghttp2-doc'}
- https://ubuntu.com/security/notices/{'id': 'USN-7067-1', 'packages': 'haproxy-doc, vim-haproxy, haproxy'}
- https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u2build0.22.04.1
- https://ubuntu.com/security/notices/USN-6994-1 (Advisory)
- agent/title
- agent/last-modified-date
- agent/severity
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.04