CVE-2020-11612
PUBLISHED
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
EPSS 4.33% · 89.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | netty | 1:4.1.33-1, 0, * |
| Ubuntu:18.04:LTS | netty | 0, 1:4.1.7-4 |
| Ubuntu:Pro:14.04:LTS | netty | 1:3.2.6.Final-2, 1:3.2.6.Final-2+deb8u2build0.14.04.1~esm1, 0 |
| Ubuntu:Pro:16.04:LTS | netty | 1:3.2.6.Final-2, *, 0 |
Timeline
- Apr 7, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 15, 2021 CVE Updated
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11612 third-party-advisory
- https://github.com/netty/netty/issues/6168 third-party-advisory
- https://github.com/netty/netty/pull/9924 third-party-advisory
- https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0 third-party-advisory
- https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final third-party-advisory
- https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9@%3Ccommits.druid.apache.org%3E third-party-advisory
- https://ubuntu.com/security/notices/USN-4600-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-6049-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11612 third-party-advisory