Vulnerability-Lookup

CVE-2014-0193 (GCVE-0-2014-0193)

Vulnerability from cvelistv5 – Published: 2014-05-06 14:00 – Updated: 2024-08-06 09:05

Summary

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-7VPQ-G998-QPV7

Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2024-04-16 16:00

Summary

Netty denial of service vulnerability

Details

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.6.0.Beta1"
            },
            {
              "fixed": "3.6.9.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0.Final"
            },
            {
              "fixed": "3.7.1.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0.Final"
            },
            {
              "fixed": "3.8.2.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.0.Final"
            },
            {
              "fixed": "3.9.1.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0.Alpha1"
            },
            {
              "fixed": "4.0.19.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0.Alpha1"
            },
            {
              "fixed": "4.0.19.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-0193"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-07T20:25:36Z",
    "nvd_published_at": "2014-05-06T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "`WebSocket08FrameDecoder` in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a `TextWebSocketFrame` followed by a long stream of `ContinuationWebSocketFrames`.",
  "id": "GHSA-7vpq-g998-qpv7",
  "modified": "2024-04-16T16:00:58Z",
  "published": "2022-05-13T01:54:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0193"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/issues/2441"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/commit/8599ab5bdb761bb99d41a975d689f74c12e4892b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140509033427/http://www.securityfocus.com/bid/67182"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140509044857/http://secunia.com/advisories/58280"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20161119201425/http://secunia.com/advisories/59290"
    },
    {
      "type": "WEB",
      "url": "http://netty.io/news/2014/04/30/release-day.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Netty denial of service vulnerability"
}

CERTFR-2025-AVI-0021

Vulnerability from certfr_avis - Published: 2025-01-10 - Updated: 2025-01-10

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.14
IBM	Spectrum	Spectrum Control versions 5.4.x antérieures à 5.4.13
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité
IBM	QRadar	QRadar Analyst Workflow versions antérieures à 2.34.0
IBM	Db2	Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7180462	2025-01-08	vendor-advisory
Bulletin de sécurité IBM 7180361	2025-01-07	vendor-advisory
Bulletin de sécurité IBM 7180282	2025-01-04	vendor-advisory
Bulletin de sécurité IBM 7180314	2025-01-06	vendor-advisory
Bulletin de sécurité IBM 7180450	2025-01-09	vendor-advisory
Bulletin de sécurité IBM 7180545	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2015-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-42246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-25869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
    },
    {
      "name": "CVE-2024-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
    },
    {
      "name": "CVE-2023-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
    },
    {
      "name": "CVE-2024-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2024-26638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2020-7238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2021-32036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2024-26665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
    },
    {
      "name": "CVE-2024-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
    },
    {
      "name": "CVE-2024-40997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-40972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2021-32040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-42124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
    },
    {
      "name": "CVE-2023-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2014-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-26929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
    },
    {
      "name": "CVE-2019-14863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
    },
    {
      "name": "CVE-2023-52683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2024-35809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-40998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
    },
    {
      "name": "CVE-2022-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2020-7676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
    },
    {
      "name": "CVE-2024-40995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-43830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
    },
    {
      "name": "CVE-2024-39501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2024-42090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-40901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
    },
    {
      "name": "CVE-2021-47321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2024-41076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
    },
    {
      "name": "CVE-2024-39506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
    },
    {
      "name": "CVE-2024-40978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2019-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2024-42152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
    },
    {
      "name": "CVE-2024-39499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2024-42237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    }
  ],
  "initial_release_date": "2025-01-10T00:00:00",
  "last_revision_date": "2025-01-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
      "url": "https://www.ibm.com/support/pages/node/7180462"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
      "url": "https://www.ibm.com/support/pages/node/7180361"
    },
    {
      "published_at": "2025-01-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
      "url": "https://www.ibm.com/support/pages/node/7180282"
    },
    {
      "published_at": "2025-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
      "url": "https://www.ibm.com/support/pages/node/7180314"
    },
    {
      "published_at": "2025-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
      "url": "https://www.ibm.com/support/pages/node/7180450"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
      "url": "https://www.ibm.com/support/pages/node/7180545"
    }
  ]
}

GSD-2014-0193

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-0193

Aliases

CVE-2014-0193

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0193",
    "description": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.",
    "id": "GSD-2014-0193",
    "references": [
      "https://access.redhat.com/errata/RHSA-2015:1009",
      "https://access.redhat.com/errata/RHSA-2015:0765",
      "https://access.redhat.com/errata/RHSA-2015:0720",
      "https://access.redhat.com/errata/RHSA-2015:0675",
      "https://access.redhat.com/errata/RHSA-2015:0235",
      "https://access.redhat.com/errata/RHSA-2015:0234",
      "https://access.redhat.com/errata/RHSA-2014:1351",
      "https://access.redhat.com/errata/RHSA-2014:1021",
      "https://access.redhat.com/errata/RHSA-2014:1020",
      "https://access.redhat.com/errata/RHSA-2014:1019",
      "https://access.redhat.com/errata/RHSA-2014:0910",
      "https://access.redhat.com/errata/RHSA-2014:0818"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0193"
      ],
      "details": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.",
      "id": "GSD-2014-0193",
      "modified": "2023-12-13T01:22:43.941104Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-0193",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-1351.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
          },
          {
            "name": "http://netty.io/news/2014/04/30/release-day.html",
            "refsource": "MISC",
            "url": "http://netty.io/news/2014/04/30/release-day.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-0675.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-0720.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-0765.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "http://secunia.com/advisories/58280",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/58280"
          },
          {
            "name": "http://secunia.com/advisories/59290",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/59290"
          },
          {
            "name": "http://www.securityfocus.com/bid/67182",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/67182"
          },
          {
            "name": "https://github.com/netty/netty/issues/2441",
            "refsource": "MISC",
            "url": "https://github.com/netty/netty/issues/2441"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.6,3.6.9),[3.7,3.7.1),[3.8,3.8.2),[3.9,3.9.1),[4.0,4.0.19)",
          "affected_versions": "All versions starting from 3.6 before 3.6.9, all versions starting from 3.7 before 3.7.1, all versions starting from 3.8 before 3.8.2, all versions starting from 3.9 before 3.9.1, all versions starting from 4.0 before 4.0.19",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-399",
            "CWE-937"
          ],
          "date": "2023-08-16",
          "description": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.",
          "fixed_versions": [
            "3.6.9",
            "3.7.1",
            "3.8.2",
            "3.9.1",
            "4.0.19"
          ],
          "identifier": "CVE-2014-0193",
          "identifiers": [
            "GHSA-7vpq-g998-qpv7",
            "CVE-2014-0193"
          ],
          "not_impacted": "All versions before 3.6, all versions starting from 3.6.9 before 3.7, all versions starting from 3.7.1 before 3.8, all versions starting from 3.8.2 before 3.9, all versions starting from 3.9.1 before 4.0, all versions starting from 4.0.19",
          "package_slug": "maven/io.netty/netty",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to versions 3.6.9, 3.7.1, 3.8.2, 3.9.1, 4.0.19 or above.",
          "title": "Netty denial of service vulnerability",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2014-0193",
            "https://github.com/netty/netty/issues/2441",
            "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
            "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html",
            "http://netty.io/news/2014/04/30/release-day.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
            "http://rhn.redhat.com/errata/RHSA-2014-1351.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0675.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0720.html",
            "http://rhn.redhat.com/errata/RHSA-2015-0765.html",
            "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
            "https://web.archive.org/web/20140509033427/http://www.securityfocus.com/bid/67182",
            "https://web.archive.org/web/20140509044857/http://secunia.com/advisories/58280",
            "https://web.archive.org/web/20161119201425/http://secunia.com/advisories/59290",
            "https://github.com/advisories/GHSA-7vpq-g998-qpv7"
          ],
          "uuid": "7078e6d0-98c0-41d0-8057-8ad470301dac"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0193"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://netty.io/news/2014/04/30/release-day.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://netty.io/news/2014/04/30/release-day.html"
            },
            {
              "name": "67182",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/67182"
            },
            {
              "name": "https://github.com/netty/netty/issues/2441",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/netty/netty/issues/2441"
            },
            {
              "name": "58280",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/58280"
            },
            {
              "name": "RHSA-2014:1019",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
            },
            {
              "name": "RHSA-2014:1021",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
            },
            {
              "name": "RHSA-2014:1020",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
            },
            {
              "name": "RHSA-2014:1351",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59290",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59290"
            },
            {
              "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:36Z",
      "publishedDate": "2014-05-06T14:55Z"
    }
  }
}

FKIE_CVE-2014-0193

Vulnerability from fkie_nvd - Published: 2014-05-06 14:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://netty.io/news/2014/04/30/release-day.html	Patch, Vendor Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1019.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1020.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1021.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1351.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0675.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0720.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0765.html
secalert@redhat.com	http://secunia.com/advisories/58280	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/59290
secalert@redhat.com	http://www.securityfocus.com/bid/67182
secalert@redhat.com	https://github.com/netty/netty/issues/2441
secalert@redhat.com	https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
af854a3a-2127-422b-91ae-364da2661108	http://netty.io/news/2014/04/30/release-day.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1019.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1020.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1021.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1351.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0675.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0720.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0765.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58280	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59290
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67182
af854a3a-2127-422b-91ae-364da2661108	https://github.com/netty/netty/issues/2441
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

Impacted products

Vendor	Product	Version
netty	netty	3.6.0
netty	netty	3.6.1
netty	netty	3.6.2
netty	netty	3.6.3
netty	netty	3.6.4
netty	netty	3.6.5
netty	netty	3.6.6
netty	netty	3.6.7
netty	netty	3.6.8
netty	netty	3.7.0
netty	netty	3.8.0
netty	netty	3.8.1
netty	netty	3.9.0
netty	netty	4.0.0
netty	netty	4.0.1
netty	netty	4.0.2
netty	netty	4.0.3
netty	netty	4.0.4
netty	netty	4.0.5
netty	netty	4.0.6
netty	netty	4.0.7
netty	netty	4.0.8
netty	netty	4.0.9
netty	netty	4.0.10
netty	netty	4.0.11
netty	netty	4.0.12
netty	netty	4.0.13
netty	netty	4.0.14
netty	netty	4.0.15
netty	netty	4.0.16
netty	netty	4.0.17
netty	netty	4.0.18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EEBC0F-815E-4F66-B9B4-1256AAAB03A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "140919D1-2868-4F11-8421-5CA35A3FFCA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C7EA90-B934-438B-9705-5B53B0F3D09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C1DCF99-CBB1-4FD2-B073-B91A2DD27290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4EA1D52-61D5-4448-BA64-0D9A8FFFE173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFB08C8-9021-4C26-B8B8-A2C07EB4BB83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3707350-D658-485E-A136-04AF3ED7AF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4831E7-1F30-4AEA-82D8-E703701DC8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE508BE-00C4-4304-BA92-063129C2B6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3876968E-7B85-4149-BF6B-488D32A7B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C365439-029C-4F5F-ADB2-0153DD4965B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAECE2B6-DD9F-4FEC-B15F-EA99BF716390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9879F5B0-DF82-470F-A028-1B69BFB67FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "069A7F48-DDF9-4C29-829F-63480AC8252A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1657CCDD-547C-462F-84A6-5C7897A0DE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48DEF144-095B-4A16-B1A0-540FFCB0571D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34811757-A83B-4177-B256-17C75669CB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F0B1676-F16F-49CB-A1D2-961236B29FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5B2C70-1CA5-4285-B85A-C01A1F0D256F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4223B041-EA1F-4EF5-9C56-93B47426D634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF070FD-09A2-453C-ABB0-57806785AC0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A78B72B6-389E-4EE4-86D4-9C8499BAF7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "638159B5-DCB2-48F2-B98C-D02AA4B55567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD72B11-80BE-4EE8-8350-E84A4DE19A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "938E8F20-809C-41CF-90B3-16C4FA22BE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14F96ED-9B74-446A-BDAA-37DA46BF1C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "490A338C-50BB-4292-B3E3-EBCB4D2A89F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames."
    },
    {
      "lang": "es",
      "value": "WebSocket08FrameDecoder en Netty 3.6.x anterior a 3.6.9, 3.7.x anterior a 3.7.1, 3.8.x anterior a 3.8.2, 3.9.x anterior a 3.9.1 y 4.0.x anterior a 4.0.19 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un TextWebSocketFrame seguido por una cadena larga de ContinuationWebSocketFrames."
    }
  ],
  "id": "CVE-2014-0193",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-06T14:55:05.667",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://netty.io/news/2014/04/30/release-day.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58280"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59290"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67182"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/netty/netty/issues/2441"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://netty.io/news/2014/04/30/release-day.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/netty/netty/issues/2441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-0193 (GCVE-0-2014-0193)

GHSA-7VPQ-G998-QPV7

CERTFR-2025-AVI-0021

Solutions

GSD-2014-0193

FKIE_CVE-2014-0193

Tags

Sightings

Nomenclature