Lucene search

RedhatCVE-2014-0193

HistoryMay 06, 2014 - 2:55 p.m.

CVE-2014-0193

2014-05-0614:55:05

CWE-399

redhat

web.nvd.nist.gov

cve-2014-0193

netty

websocket08framedecoder

denial of service

memory consumption

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.058

Percentile

93.4%

JSON

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Affected configurations

Nvd

Node

nettynettyMatch3.6.0

nettynettyMatch3.6.1

nettynettyMatch3.6.2

nettynettyMatch3.6.3

nettynettyMatch3.6.4

nettynettyMatch3.6.5

nettynettyMatch3.6.6

nettynettyMatch3.6.7

nettynettyMatch3.6.8

nettynettyMatch3.7.0

nettynettyMatch3.8.0

nettynettyMatch3.8.1

nettynettyMatch3.9.0

nettynettyMatch4.0.0

nettynettyMatch4.0.1

nettynettyMatch4.0.2

nettynettyMatch4.0.3

nettynettyMatch4.0.4

nettynettyMatch4.0.5

nettynettyMatch4.0.6

nettynettyMatch4.0.7

nettynettyMatch4.0.8

nettynettyMatch4.0.9

nettynettyMatch4.0.10

nettynettyMatch4.0.11

nettynettyMatch4.0.12

nettynettyMatch4.0.13

nettynettyMatch4.0.14

nettynettyMatch4.0.15

nettynettyMatch4.0.16

nettynettyMatch4.0.17

nettynettyMatch4.0.18

VendorProductVersionCPE
nettynetty3.6.0cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*
nettynetty3.6.1cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*
nettynetty3.6.2cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*
nettynetty3.6.3cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*
nettynetty3.6.4cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*
nettynetty3.6.5cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*
nettynetty3.6.6cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*
nettynetty3.6.7cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*
nettynetty3.6.8cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*
nettynetty3.7.0cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netty	netty	3.6.0	cpe:2.3:a:netty:netty:3.6.0:::::::*
netty	netty	3.6.1	cpe:2.3:a:netty:netty:3.6.1:::::::*
netty	netty	3.6.2	cpe:2.3:a:netty:netty:3.6.2:::::::*
netty	netty	3.6.3	cpe:2.3:a:netty:netty:3.6.3:::::::*
netty	netty	3.6.4	cpe:2.3:a:netty:netty:3.6.4:::::::*
netty	netty	3.6.5	cpe:2.3:a:netty:netty:3.6.5:::::::*
netty	netty	3.6.6	cpe:2.3:a:netty:netty:3.6.6:::::::*
netty	netty	3.6.7	cpe:2.3:a:netty:netty:3.6.7:::::::*
netty	netty	3.6.8	cpe:2.3:a:netty:netty:3.6.8:::::::*
netty	netty	3.7.0	cpe:2.3:a:netty:netty:3.7.0:::::::*