CVE-2014-0193
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.0
Description
Netty denial of service vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0 |
| sid | Fixed | 0 |
| forky | Fixed | 0 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | io.netty:netty | >=3.6.0.Beta1,<3.6.9.Final | 3.6.9.Final |
| Maven | io.netty:netty | >=3.7.0.Final,<3.7.1.Final | 3.7.1.Final |
| Maven | io.netty:netty | >=3.8.0.Final,<3.8.2.Final | 3.8.2.Final |
| Maven | io.netty:netty | >=3.9.0.Final,<3.9.1.Final | 3.9.1.Final |
| Maven | io.netty:netty | >=4.0.0.Alpha1,<4.0.19.Final | 4.0.19.Final |
| Maven | io.netty:netty-all | >=4.0.0.Alpha1,<4.0.19.Final | 4.0.19.Final |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| netty | netty | 3.6.0 | |
| netty | netty | 3.6.1 | |
| netty | netty | 3.6.2 | |
| netty | netty | 3.6.3 | |
| netty | netty | 3.6.4 | |
| netty | netty | 3.6.5 | |
| netty | netty | 3.6.6 | |
| netty | netty | 3.6.7 | |
| netty | netty | 3.6.8 | |
| netty | netty | 3.7.0 | |
| netty | netty | 3.8.0 | |
| netty | netty | 3.8.1 | |
| netty | netty | 3.9.0 | |
| netty | netty | 4.0.0 | |
| netty | netty | 4.0.1 | |
| netty | netty | 4.0.2 | |
| netty | netty | 4.0.3 | |
| netty | netty | 4.0.4 | |
| netty | netty | 4.0.5 | |
| netty | netty | 4.0.6 | |
| netty | netty | 4.0.7 | |
| netty | netty | 4.0.8 | |
| netty | netty | 4.0.9 | |
| netty | netty | 4.0.10 | |
| netty | netty | 4.0.11 | |
| netty | netty | 4.0.12 | |
| netty | netty | 4.0.13 | |
| netty | netty | 4.0.14 | |
| netty | netty | 4.0.15 | |
| netty | netty | 4.0.16 | |
| netty | netty | 4.0.17 | |
| netty | netty | 4.0.18 | |
References
- http://netty.io/news/2014/04/30/release-day.html
- http://rhn.redhat.com/errata/RHSA-2014-1019.html
- http://rhn.redhat.com/errata/RHSA-2014-1020.html
- http://rhn.redhat.com/errata/RHSA-2014-1021.html
- http://rhn.redhat.com/errata/RHSA-2014-1351.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://secunia.com/advisories/58280
- http://secunia.com/advisories/59290
- http://www.securityfocus.com/bid/67182
- https://github.com/netty/netty/issues/2441
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-0193
- https://github.com/netty/netty/commit/8599ab5bdb761bb99d41a975d689f74c12e4892b
- https://github.com/netty/netty
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
- https://web.archive.org/web/20140509033427/http://www.securityfocus.com/bid/67182
- https://web.archive.org/web/20140509044857/http://secunia.com/advisories/58280
- https://web.archive.org/web/20161119201425/http://secunia.com/advisories/59290
- https://security-tracker.debian.org/tracker/CVE-2014-0193
CWEs
CWE-399
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.