CVE-2014-0193

Aliases:GHSA-7vpq-g998-qpv7
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 06 May 2014, 14:00
Last modified:06 Aug 2024, 09:05

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
4.08% LOW
4% probability -0.98%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 May 2014, 14:00
Published
Vulnerability first disclosed
06 Aug 2024, 09:05
Last Modified
Vulnerability information updated

Description

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 4.08% Percentile: 89%

Techniques & Countermeasures

  • CWE-399Resource Management Errors

    Weaknesses in this category are related to improper management of system resources.

Affected Systems

  • io.nettynetty

    ≥ 3.6.0.Beta1, < 3.6.9.Final | ≥ 3.7.0.Final, < 3.7.1.Final | ≥ 3.8.0.Final, < 3.8.2.Final | ≥ 3.9.0.Final, < 3.9.1.Final | ≥ 4.0.0.Alpha1, < 4.0.19.Final

  • io.nettynetty-all

    ≥ 4.0.0.Alpha1, < 4.0.19.Final

  • nettynetty

    3.6.0 | 3.6.1 | 3.6.2 | 3.6.3 | 3.6.4 | 3.6.5 | 3.6.6 | 3.6.7 | 3.6.8 | 3.7.0 | 3.8.0 | 3.8.1 | 3.9.0 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.8 | 4.0.9 | 4.0.10 | 4.0.11 | 4.0.12 | 4.0.13 | 4.0.14 | 4.0.15 | 4.0.16 | 4.0.17 | 4.0.18

References (21)