USN-4600-2 -- netty vulnerabilitiesID: oval:org.secpod.oval:def:705729 | Date: (C)2020-10-29 (M)2023-12-20 |
Class: PATCH | Family: unix |
netty: None Details: USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash . Original advisory netty could be made to crash or run programs if it received specially crafted network traffic.