Netty is an asynchronous event-driven network application framework for rapid development of maintainable, high-performance protocol servers and clients. The HttpPostRequestDecoder can be tricked into accumulating data. Although the decoder can store items on disk if configured to do so, there is no limit on the number of fields a form can have, so an attacker can send a chunked POST consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder also accumulates bytes in the undecodedChunk buffer until it can decode a field, and this field can accumulate data without limit. This vulnerability is fixed in 4.1.108.Final.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "122450151692868479589473767823875931257", "227048753196673336934254777401338326645", "209696816972309904902655121716152705161", "224702976237987829096936032308163440637", "190173220708387920660388984738807511406", "23526410485975519760902325385165581378", "316489529300248222116829278086921738204", "131356784592826053957111036567673286854", "93235360277304641272128447188056472645", "130437890270660964901827108489983780223", "61748962777394156101679532337821812537" ] }, "id": "CVE-2024-29025-076e9c2a", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Line", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostRequestDecoder.java" }, "deprecated": false }, { "digest": { "function_hash": "153176450926276300821449915041775004490", "length": 375.0 }, "id": "CVE-2024-29025-2cc70c11", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java", "function": "HttpPostStandardRequestDecoder" }, "deprecated": false }, { "digest": { "function_hash": "101842439241297695255183183466134545323", "length": 956.0 }, "id": "CVE-2024-29025-391ca466", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java", "function": "HttpPostMultipartRequestDecoder" }, "deprecated": false }, { "digest": { "function_hash": "317974011032357045078584932794536885596", "length": 322.0 }, "id": "CVE-2024-29025-6ac169c5", "source": 
"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java", "function": "addHttpData" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "302087266175243966286284289554136036631", "67984430011339561163994336918411364267", "142344119253237761547778643100807345053", "61293617037668300536239235630410931725", "310774028427191628963136495633022786067", "164939520658134104177716003887351859587", "327918073737922705344924808773279296753", "120213564370457814353282956584653730909", "97987352334673294017318609385229672538", "273122612132945351495037125271802609973", "122311086673641495798682965976834235244", "257704116405846333104750391112259199903", "40339713599769594037936529737800934205", "171303010843381309160661682357971340715", "42974547380927379796364378731783054557", "7164295018175400805669997074593680235", "298717858582435850628951446218024046781", "311699150265268599236147082429119997882", "211267350081913306120381997438079606413", "121659064951626345877512808709112822850", "243083782420996768014155976774271432885", "197904898068342393100850570337570554135", "310245013482033754249324587553653408660", "18723042697714898494439215919497635335", "4722653690041634060031335062240971334" ] }, "id": "CVE-2024-29025-9ab2620a", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Line", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "67635803767621412612510874556450160114", "277580007022302710339584359893668730", "212387710784104223044338585255640409023", "88992490669128270505001002248218940422", 
"171432378858561344490593714207544611366" ] }, "id": "CVE-2024-29025-a28dcc4f", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Line", "target": { "file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/HttpPostRequestDecoderTest.java" }, "deprecated": false }, { "digest": { "function_hash": "317974011032357045078584932794536885596", "length": 322.0 }, "id": "CVE-2024-29025-c4f32f61", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java", "function": "addHttpData" }, "deprecated": false }, { "digest": { "function_hash": "293180439803495307356524328844434482141", "length": 715.0 }, "id": "CVE-2024-29025-d9b6a9cd", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java", "function": "offer" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "311802145772508626849864381821553809099", "249357302416559552693485998307036401140", "284564412524958080416739708339405077365", "195669099951573602906373602480758619847", "99242396827301464878535972900329281380", "303719150109711432191901896679378425936", "242272867272514479060870355146414757008", "332465510093836231097130466784073287388", "311850963339514899627610561935338692597", "327877378288282169246348196322023682646", "311699150265268599236147082429119997882", "211267350081913306120381997438079606413", "121659064951626345877512808709112822850", "243083782420996768014155976774271432885", "197904898068342393100850570337570554135", "310245013482033754249324587553653408660", 
"18723042697714898494439215919497635335", "4722653690041634060031335062240971334" ] }, "id": "CVE-2024-29025-e51c83b3", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Line", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java" }, "deprecated": false }, { "digest": { "function_hash": "293180439803495307356524328844434482141", "length": 715.0 }, "id": "CVE-2024-29025-efc58ae9", "source": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "signature_version": "v1", "signature_type": "Function", "target": { "file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java", "function": "offer" }, "deprecated": false } ] }