CVE-2024-47535
- Source
- https://cve.org/CVERecord?id=CVE-2024-47535
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47535.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47535
- Aliases
- Downstream
- Related
- Published
- 2024-11-12T15:50:08.334Z
- Modified
- 2026-04-12T09:39:51.988425Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of Service attack on windows app using Netty
- Details
-
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
- Database specific
{ "cwe_ids": [ "CWE-400" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47535.json" }- References
Affected packages
Git / github.com/netty/netty
Affected versions
netty-4.*
netty-4.0.0.Alpha1
netty-4.0.0.Alpha2
netty-4.0.0.Alpha3
netty-4.0.0.Alpha4
netty-4.0.0.Alpha5
netty-4.0.0.Alpha6
netty-4.0.0.Alpha7
netty-4.0.0.Alpha8
netty-4.0.0.Beta1
netty-4.0.0.Beta2
netty-4.0.0.Beta3
netty-4.0.0.CR1
netty-4.0.0.CR2
netty-4.0.0.CR3
netty-4.0.0.CR4
netty-4.0.0.CR5
netty-4.0.0.CR7
netty-4.0.0.CR8
netty-4.0.0.CR9
netty-4.0.0.Final
netty-4.0.1.Final
netty-4.0.10.Final
netty-4.0.11.Final
netty-4.0.12.Final
netty-4.0.13.Final
netty-4.0.14.Beta1
netty-4.0.14.Final
netty-4.0.15.Final
netty-4.0.2.Final
netty-4.0.3.Final
netty-4.0.4.Final
netty-4.0.5.Final
netty-4.0.6.Final
netty-4.0.7.Final
netty-4.0.8.Final
netty-4.1.0.Beta1
netty-4.1.0.Beta2
netty-4.1.0.Beta3
netty-4.1.0.Beta4
netty-4.1.0.Beta5
netty-4.1.0.Beta6
netty-4.1.0.Beta7
netty-4.1.0.Beta8
netty-4.1.0.CR1
netty-4.1.0.CR2
netty-4.1.0.CR3
netty-4.1.0.CR4
netty-4.1.0.CR5
netty-4.1.0.CR6
netty-4.1.0.CR7
netty-4.1.0.Final
netty-4.1.1.Final
netty-4.1.10.Final
netty-4.1.100.Final
netty-4.1.101.Final
netty-4.1.102.Final
netty-4.1.103.Final
netty-4.1.104.Final
netty-4.1.105.Final
netty-4.1.106.Final
netty-4.1.107.Final
netty-4.1.108.Final
netty-4.1.109.Final
netty-4.1.11.Final
netty-4.1.110.Final
netty-4.1.111.Final
netty-4.1.112.Final
netty-4.1.113.Final
netty-4.1.114.Final
netty-4.1.12.Final
netty-4.1.13.Final
netty-4.1.14.Final
netty-4.1.15.Final
netty-4.1.16.Final
netty-4.1.17.Final
netty-4.1.18.Final
netty-4.1.19.Final
netty-4.1.2.Final
netty-4.1.20.Final
netty-4.1.21.Final
netty-4.1.22.Final
netty-4.1.23.Final
netty-4.1.24.Final
netty-4.1.25.Final
netty-4.1.26.Final
netty-4.1.27.Final
netty-4.1.28.Final
netty-4.1.29.Final
netty-4.1.3.Final
netty-4.1.30.Final
netty-4.1.31.Final
netty-4.1.32.Final
netty-4.1.33.Final
netty-4.1.34.Final
netty-4.1.35.Final
netty-4.1.36.Final
netty-4.1.37.Final
netty-4.1.38.Final
netty-4.1.39.Final
netty-4.1.4.Final
netty-4.1.40.Final
netty-4.1.41.Final
netty-4.1.42.Final
netty-4.1.43.Final
netty-4.1.44.Final
netty-4.1.45.Final
netty-4.1.46.Final
netty-4.1.47.Final
netty-4.1.48.Final
netty-4.1.49.Final
netty-4.1.5.Final
netty-4.1.50.Final
netty-4.1.51.Final
netty-4.1.52.Final
netty-4.1.53.Final
netty-4.1.54.Final
netty-4.1.55.Final
netty-4.1.56.Final
netty-4.1.57.Final
netty-4.1.58.Final
netty-4.1.59.Final
netty-4.1.6.Final
netty-4.1.60.Final
netty-4.1.61.Final
netty-4.1.62.Final
netty-4.1.63.Final
netty-4.1.64.Final
netty-4.1.65.Final
netty-4.1.66.Final
netty-4.1.67.Final
netty-4.1.68.Final
netty-4.1.69.Final
netty-4.1.7.Final
netty-4.1.70.Final
netty-4.1.71.Final
netty-4.1.72.Final
netty-4.1.73.Final
netty-4.1.74.Final
netty-4.1.75.Final
netty-4.1.76.Final
netty-4.1.77.Final
netty-4.1.78.Final
netty-4.1.79.Final
netty-4.1.8.Final
netty-4.1.80.Final
netty-4.1.81.Final
netty-4.1.82.Final
netty-4.1.83.Final
netty-4.1.84.Final
netty-4.1.85.Final
netty-4.1.86.Final
netty-4.1.87.Final
netty-4.1.88.Final
netty-4.1.89.Final
netty-4.1.9.Final
netty-4.1.90.Final
netty-4.1.91.Final
netty-4.1.92.Final
netty-4.1.93.Final
netty-4.1.94.Final
netty-4.1.95.Final
netty-4.1.96.Final
netty-4.1.97.Final
netty-4.1.98.Final
netty-4.1.99.Final
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47535.json"
vanir_signatures_modified
"2026-04-12T09:39:51Z"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"166686227897301829885658732484156620069",
"338199664978331893706288835054325914109",
"333844862478923356483947278663418408535",
"30299373726973676235516046002186433842",
"276188118370802735731850607401984134597",
"45095805959474537601101869050583409659",
"189675886038757376618685406382303182998",
"294999866087430247081549360346378888010",
"257930876854715798470687142747344925701",
"270774767595543351562648748906932209312",
"224010829204928704183181521589901644470",
"211881874870366905873612478447571736845",
"179755837526237526144560645107753276091"
]
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java"
},
"id": "CVE-2024-47535-312d9ec9",
"deprecated": false
},
{
"digest": {
"function_hash": "1974643081959799338592584384667260683",
"length": 596.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/NetUtil.java",
"function": "sysctlGetInt"
},
"id": "CVE-2024-47535-5f2f4cb6",
"deprecated": false
},
{
"digest": {
"function_hash": "111912646721553965673044991457258119274",
"length": 1424.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java",
"function": "addFilesystemOsClassifiers"
},
"id": "CVE-2024-47535-7664cdc5",
"deprecated": false
},
{
"digest": {
"function_hash": "165917830565648764096615959332650890143",
"length": 202.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java",
"function": "fromFile"
},
"id": "CVE-2024-47535-7b5639c6",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"16762015704362057022778493324526889219",
"47607099033499225847371922182548007909",
"111172853284008564449751835500903358693",
"85139183619659052782380409988654414091",
"60018189351330671423843985651896602779",
"90242315034260173897935274022223238025",
"311208516658333464509242675757320203091",
"47773376524229423091246660731822413204",
"183444788174446444853210825843572513991",
"261717030798001533095845169314622236541",
"26819898747790684701057646211584236550",
"337768324588618013613145614648324044757",
"136146164487655917984328871645159872535",
"321802039922679578482587554457208860971"
]
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/NetUtil.java"
},
"id": "CVE-2024-47535-802f87a0",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"224108032375300166892128501174872838558",
"29648758531012150249465039178044718644",
"28206044157676502057221912642345890209",
"316693582380947112570002570135330274707",
"148778521742000663538604612069632520146",
"8114227674360508904033866795253305674"
]
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java"
},
"id": "CVE-2024-47535-a6664315",
"deprecated": false
},
{
"digest": {
"function_hash": "260072840418062689595964239672649660955",
"length": 1128.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/NetUtil.java",
"function": "run"
},
"id": "CVE-2024-47535-d4540c53",
"deprecated": false
},
{
"digest": {
"function_hash": "165658413103519467228314272385612798662",
"length": 1091.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"target": {
"file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java",
"function": "run"
},
"id": "CVE-2024-47535-f9d7df7c",
"deprecated": false
}
]