Netty 环境问题漏洞

admin
admin
admin
0
文章
0
评论
2023-12-01 15:50:58 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
低危 Netty 环境问题漏洞

CVE编号

CVE-2021-21295

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-03-10
漏洞描述
Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 存在环境问题漏洞,该漏洞源于请求以HTTP 2流的形式传入,则被转换为HTTP 1.1对象。
解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
参考链接
https://github.com/Netflix/zuul/pull/980
https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b5...
https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f6...
https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692...
https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904...
https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62d...
https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f97819...
https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9d...
https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec4...
https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a66767...
https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9...
https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be...
https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c500734000...
https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987...
https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac...
https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf4...
https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a46...
https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a46...
https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab8...
https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab8...
https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e6...
https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6f...
https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b1...
https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc...
https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c6...
https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d...
https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb15...
https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a6...
https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd7766...
https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca86...
https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a...
https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c6...
https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6...
https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a2...
https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc...
https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beec...
https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beec...
https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b...
https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee...
https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999...
https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a75...
https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5...
https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d019...
https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d727...
https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88...
https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc...
https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e...
https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ff...
https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd...
https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd779...
https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214...
https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcec...
https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9...
https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a...
https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d63...
https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2...
https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404...
https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a...
https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26...
https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38...
https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b5617841864...
https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c...
https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852...
https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff6609875...
https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc42...
https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca7078...
https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9...
https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda...
https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38eceb...
https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f...
https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae...
https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d5...
https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be...
https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8e...
https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa37...
https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946...
https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80...
https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb...
https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c1...
https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d...
https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1...
https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1...
https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293...
https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78...
https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f2397...
https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f4...
https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39a...
https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39a...
https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c...
https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e47...
https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb03...
https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb03...
https://security.netapp.com/advisory/ntap-20210604-0003/
https://www.debian.org/security/2021/dsa-4885
https://www.oracle.com/security-alerts/cpuapr2022.html
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 netty netty * Up to (excluding) 4.1.60
运行在以下环境
系统 centos_7 tfm-rubygem-hammer_cli_foreman_tasks * Up to (excluding) 1.1.2-7.el7sat
运行在以下环境
系统 centos_8 rubygem-little-plugger * Up to (excluding) 1.0.2-5.1.el8sat
运行在以下环境
系统 debian_10 netty * Up to (excluding) 1:4.1.33-1+deb10u2
运行在以下环境
系统 debian_11 netty * Up to (excluding) 1:4.1.48-3
运行在以下环境
系统 debian_12 netty * Up to (excluding) 1:4.1.48-3
运行在以下环境
系统 debian_9 netty * Up to (including) 4.1.7-2+deb9u1
运行在以下环境
系统 debian_sid netty * Up to (excluding) 1:4.1.48-3
运行在以下环境
系统 kylinos_aarch64_V10SP2 netty * Up to (excluding) 4.1.13-11.ky10
运行在以下环境
系统 kylinos_x86_64_V10SP2 netty * Up to (excluding) 4.1.13-11.ky10
运行在以下环境
系统 opensuse_Leap_15.2 netty-javadoc * Up to (excluding) 4.1.13-lp152.3.3.1
运行在以下环境
系统 opensuse_Leap_15.3 netty-javadoc * Up to (excluding) 4.1.75-150200.4.6.2
运行在以下环境
系统 redhat_7 tfm-rubygem-hammer_cli_foreman_tasks * Up to (excluding) 1.1.2-7.el7sat
运行在以下环境
系统 redhat_8 rubygem-little-plugger * Up to (excluding) 1.0.2-5.1.el8sat
运行在以下环境
系统 ubuntu_22.04 netty * Up to (excluding) 1:4.1.48-4+deb11u1build0.22.04.1
运行在以下环境
系统 ubuntu_22.10 netty * Up to (excluding) 1:4.1.48-5ubuntu0.1
阿里云评分 3.1
  • 攻击路径 远程
  • 攻击复杂度 困难
  • 权限要求 无需权限
  • 影响范围 有限影响
  • EXP成熟度 N/A
  • 补丁情况 官方补丁
  • 数据保密性 无影响
  • 数据完整性 传输被破坏
  • 服务器危害 无影响
  • 全网数量 N/A
CWE-ID 漏洞类型
CWE-444 HTTP请求的解释不一致性(HTTP请求私运)
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
N/A Ali_nvd

N/A

N/ACVE编号 CVE-2024-9120利用情况 暂无补丁情况 N/A披露时间 2024-09-23漏洞描述Use after free in Dawn
09-260 评论
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0