Bug 2325538 (CVE-2024-47535) - CVE-2024-47535 netty: Denial of Service attack on windows app using Netty
Summary: CVE-2024-47535 netty: Denial of Service attack on windows app using Netty
Keywords:
Status: NEW
Alias: CVE-2024-47535
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-12 16:01 UTC by OSIDB Bzimport
Modified: 2025-05-06 14:31 UTC (History)
72 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:2416 0 None None None 2025-03-05 20:59:32 UTC
Red Hat Product Errata RHSA-2025:3357 0 None None None 2025-03-27 16:40:24 UTC
Red Hat Product Errata RHSA-2025:3358 0 None None None 2025-03-27 16:47:09 UTC
Red Hat Product Errata RHSA-2025:3465 0 None None None 2025-04-01 13:10:08 UTC
Red Hat Product Errata RHSA-2025:3467 0 None None None 2025-04-01 13:06:52 UTC
Red Hat Product Errata RHSA-2025:4548 0 None None None 2025-05-06 14:30:45 UTC
Red Hat Product Errata RHSA-2025:4549 0 None None None 2025-05-06 14:31:01 UTC
Red Hat Product Errata RHSA-2025:4550 0 None None None 2025-05-06 14:29:45 UTC
Red Hat Product Errata RHSA-2025:4552 0 None None None 2025-05-06 14:28:12 UTC

Description OSIDB Bzimport 2024-11-12 16:01:43 UTC 
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Comment 3 errata-xmlrpc 2025-03-05 20:59:29 UTC 
This issue has been addressed in the following products:

  Streams for Apache Kafka 2.9.0

Via RHSA-2025:2416 https://access.redhat.com/errata/RHSA-2025:2416
Comment 5 errata-xmlrpc 2025-03-27 16:40:20 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2025:3357 https://access.redhat.com/errata/RHSA-2025:3357
Comment 6 errata-xmlrpc 2025-03-27 16:47:05 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2025:3358 https://access.redhat.com/errata/RHSA-2025:3358
Comment 7 errata-xmlrpc 2025-04-01 13:06:49 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2025:3467 https://access.redhat.com/errata/RHSA-2025:3467
Comment 8 errata-xmlrpc 2025-04-01 13:10:04 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2025:3465 https://access.redhat.com/errata/RHSA-2025:3465
Comment 9 errata-xmlrpc 2025-05-06 14:28:06 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2025:4552 https://access.redhat.com/errata/RHSA-2025:4552
Comment 10 errata-xmlrpc 2025-05-06 14:29:40 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2025:4550 https://access.redhat.com/errata/RHSA-2025:4550
Comment 11 errata-xmlrpc 2025-05-06 14:30:39 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2025:4548 https://access.redhat.com/errata/RHSA-2025:4548
Comment 12 errata-xmlrpc 2025-05-06 14:30:55 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2025:4549 https://access.redhat.com/errata/RHSA-2025:4549
Note You need to log in before you can comment on or make changes to this bug.