#VU100259 Resource management error in Netty - CVE-2024-47535

Cybersecurity Help s.r.o.

Published: 2024-11-12 | Updated: 2025-02-11

Vulnerability identifier: #VU100259

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47535

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Netty
Universal components / Libraries / Libraries used by multiple products

Vendor: Netty project

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Netty: 4.0.0 - 4.0.56, 4.1 - 4.1.114

External links
https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.4

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 7

Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services

Resource management error in IBM Business Automation Workflow

Multiple vulnerabilities in IBM Db2

Multiple vulnerabilities in IBM CICS TX Standard

IBM TXSeries for Multiplatforms update for Netty

Multiple vulnerabilities in IBM CICS TX Advanced