Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1345
HistoryApr 13, 2022 - 11:23 a.m.

(RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update

2022-04-1311:23:09
access.redhat.com
102

0.002 Low

EPSS

Percentile

62.3%

JSON

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements.

Security Fix(es):

  • lz4: memory corruption due to an integer overflow bug caused by memmove argument [amq-st-1] (CVE-2021-3520)

  • netty: control chars in header names may lead to HTTP request smuggling [amq-st-1] (CVE-2021-43797)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ubuntucve 2
osv 15
debiancve 2
ibm 24
cve 2
veracode 2
nessus 52
openvas 27
redhatcve 2
github 2
prion 2
nvd 2
suse 4
cvelist 2
archlinux 1
rocky 2
mageia 1
ubuntu 3
oraclelinux 1
cloudfoundry 1
rustsec 1
debian 5
photon 12
redhat 29
gentoo 1
alpinelinux 1
almalinux 1
ubuntucve
ubuntucve
CVE-2021-43797
2021-12-09 00:00:00
CVE-2021-3520
2021-04-30 00:00:00
osv
osv
CVE-2021-43797
2021-12-09 19:15:07
HTTP request smuggling in netty
2021-12-09 19:09:17
lz4 - security update
2021-05-21 00:00:00
debiancve
debiancve
CVE-2021-43797
2021-12-09 19:15:07
CVE-2021-3520
2021-06-02 13:15:13
ibm
ibm
Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797
2022-01-13 15:49:28
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)
2022-03-30 09:48:30
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
2022-05-02 15:06:03
cve
cve
CVE-2021-43797
2021-12-09 19:15:07
CVE-2021-3520
2021-06-02 13:15:13
veracode
veracode
HTTP Request Smuggling
2021-12-10 07:49:39
Denial Of Service (DoS)
2021-05-08 14:25:49
nessus
nessus
SUSE SLED15 / SLES15 Security Update : netty3 (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
EulerOS 2.0 SP9 : lz4 (EulerOS-SA-2021-2559)
2021-09-27 00:00:00
Amazon Linux 2023 : lz4, lz4-devel, lz4-libs (ALAS2023-2023-015)
2023-03-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
openSUSE: Security Advisory for netty3 (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
Debian: Security Advisory (DLA-2657-1)
2021-05-13 00:00:00
redhatcve
redhatcve
CVE-2021-43797
2021-12-13 20:02:24
CVE-2021-3520
2021-04-28 11:48:45
github
github
HTTP request smuggling in netty
2021-12-09 19:09:17
lz4-sys vulnerable to memory corruption via issue in liblz4
2022-09-01 22:24:55
prion
prion
Design/Logic Flaw
2021-12-09 19:15:00
Integer overflow
2021-06-02 13:15:00
nvd
nvd
CVE-2021-43797
2021-12-09 19:15:07
CVE-2021-3520
2021-06-02 13:15:13
suse
suse
Security update for netty3 (moderate)
2022-06-13 00:00:00
Security update for lz4 (important)
2021-05-22 00:00:00
Security update for lz4 (important)
2021-07-11 00:00:00
cvelist
cvelist
CVE-2021-43797 HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
2021-12-09 00:00:00
CVE-2021-3520
2021-06-02 12:32:32
archlinux
archlinux
[ASA-202105-27] lz4: denial of service
2021-05-25 00:00:00
rocky
rocky
lz4 security update
2021-06-29 13:43:40
Satellite 6.11 Release
2022-07-05 13:55:16
mageia
mageia
Updated lz4 packages fix a security vulnerability
2021-06-08 17:33:02
ubuntu
ubuntu
LZ4 vulnerability
2021-05-31 00:00:00
LZ4 vulnerability
2021-05-26 00:00:00
Netty vulnerabilities
2023-04-28 00:00:00
oraclelinux
oraclelinux
lz4 security update
2021-06-30 00:00:00
cloudfoundry
cloudfoundry
USN-4968-1: LZ4 vulnerability | Cloud Foundry
2021-06-11 00:00:00
rustsec
rustsec
Memory corruption in liblz4
2022-08-25 12:00:00
debian
debian
[SECURITY] [DSA 4919-1] lz4 security update
2021-05-21 12:51:40
[SECURITY] [DLA 2657-1] lz4 security update
2021-05-12 10:23:19
[SECURITY] [DSA 4919-1] lz4 security update
2021-05-21 12:51:40
photon
photon
Critical Photon OS Security Update - PHSA-2021-0255
2021-06-17 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0138
2023-11-08 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0255
2021-06-18 00:00:00
redhat
redhat
(RHSA-2021:2575) Moderate: lz4 security update
2021-06-29 13:43:40
(RHSA-2022:5101) Important: Red Hat AMQ Broker 7.10.0 release and security update
2022-06-16 14:08:30
(RHSA-2022:6782) Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 7
2022-10-04 15:21:48
gentoo
gentoo
LZ4: Memory Corruption
2024-06-22 00:00:00
alpinelinux
alpinelinux
CVE-2021-3520
2021-06-02 13:15:13
almalinux
almalinux
Moderate: lz4 security update
2021-06-29 13:43:40

0.002 Low

EPSS

Percentile

62.3%

JSON
Related for RHSA-2022:1345
ubuntucve2osv15debiancve2ibm24cve2veracode2nessus52openvas27redhatcve2github2prion2nvd2suse4cvelist2archlinux1rocky2mageia1ubuntu3oraclelinux1cloudfoundry1rustsec1debian5photon12redhat29gentoo1alpinelinux1almalinux1