Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Line", "target": { "file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java" }, "id": "CVE-2024-47535-312d9ec9", "digest": { "line_hashes": [ "166686227897301829885658732484156620069", "338199664978331893706288835054325914109", "333844862478923356483947278663418408535", "30299373726973676235516046002186433842", "276188118370802735731850607401984134597", "45095805959474537601101869050583409659", "189675886038757376618685406382303182998", "294999866087430247081549360346378888010", "257930876854715798470687142747344925701", "270774767595543351562648748906932209312", "224010829204928704183181521589901644470", "211881874870366905873612478447571736845", "179755837526237526144560645107753276091" ], "threshold": 0.9 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Function", "target": { "file": "common/src/main/java/io/netty/util/NetUtil.java", "function": "sysctlGetInt" }, "id": "CVE-2024-47535-5f2f4cb6", "digest": { "function_hash": "1974643081959799338592584384667260683", "length": 596.0 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Function", "target": { "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java", "function": "addFilesystemOsClassifiers" }, "id": "CVE-2024-47535-7664cdc5", "digest": { "function_hash": "111912646721553965673044991457258119274", "length": 1424.0 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Function", "target": { "file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java", "function": "fromFile" }, "id": "CVE-2024-47535-7b5639c6", "digest": { "function_hash": "165917830565648764096615959332650890143", "length": 202.0 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Line", "target": { "file": "common/src/main/java/io/netty/util/NetUtil.java" }, "id": "CVE-2024-47535-802f87a0", "digest": { "line_hashes": [ "16762015704362057022778493324526889219", "47607099033499225847371922182548007909", "111172853284008564449751835500903358693", "85139183619659052782380409988654414091", "60018189351330671423843985651896602779", "90242315034260173897935274022223238025", "311208516658333464509242675757320203091", "47773376524229423091246660731822413204", "183444788174446444853210825843572513991", "261717030798001533095845169314622236541", "26819898747790684701057646211584236550", "337768324588618013613145614648324044757", "136146164487655917984328871645159872535", "321802039922679578482587554457208860971" ], "threshold": 0.9 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Line", "target": { "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java" }, "id": "CVE-2024-47535-a6664315", "digest": { "line_hashes": [ "224108032375300166892128501174872838558", "29648758531012150249465039178044718644", "28206044157676502057221912642345890209", "316693582380947112570002570135330274707", "148778521742000663538604612069632520146", "8114227674360508904033866795253305674" ], "threshold": 0.9 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Function", "target": { "file": "common/src/main/java/io/netty/util/NetUtil.java", "function": "run" }, "id": "CVE-2024-47535-d4540c53", "digest": { "function_hash": "260072840418062689595964239672649660955", "length": 1128.0 } }, { "signature_version": "v1", "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", "deprecated": false, "signature_type": "Function", "target": { "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java", "function": "run" }, "id": "CVE-2024-47535-f9d7df7c", "digest": { "function_hash": "165658413103519467228314272385612798662", "length": 1091.0 } } ] }