VDB
RHSA-2020%3A0567
RHSA-2020%3A0567
PUBLISHED
CVSS 7.5 HIGH
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Text-Only RHOAR |
Timeline
- Mar 3, 2020 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:0567 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.8/html/release_notes_for_eclipse_vert.x_3.8/index advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=3.8.5 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1796225 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1798509 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1798524 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0567.json advisory
- https://access.redhat.com/security/cve/CVE-2019-20444 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-20444 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-20444 advisory
- https://github.com/elastic/elasticsearch/issues/49396 advisory
- https://access.redhat.com/security/cve/CVE-2019-20445 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-20445 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-20445 advisory
- https://access.redhat.com/security/cve/CVE-2020-7238 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7238 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-7238 advisory
- https://netty.io/news/2019/12/18/4-1-44-Final.html advisory