CVE-2014-0193
REJECTED
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.
EPSS 4.08% · 88.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | netty | 0, 1:3.2.6.Final-2, 1:4.0.32-1 |
| Ubuntu:18.04:LTS | netty | 0 |
Exploit Intelligence
- https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html (circl)
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 (circl)
- https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ (circl)
- CIRCL published-proof-of-concept: CVE-2023-26116 (circl-sighting)
- CIRCL seen: CVE-2023-26116 (circl-sighting)
Timeline
- May 6, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 30, 2023 PoC Published
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-0193 third-party-advisory
- http://netty.io/news/2014/04/30/release-day.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0193 third-party-advisory