CVE-2024-47535

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47535
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47535.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47535
Aliases
Downstream
Related
Published
2024-11-12T16:15:22Z
Modified
2025-09-19T15:08:47.293045Z
Summary
[none]
Details

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

References

Affected packages

Git / github.com/netty/netty

Affected ranges

Type
GIT
Repo
https://github.com/netty/netty
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

netty-4.*

netty-4.0.0.Alpha1
netty-4.0.0.Alpha2
netty-4.0.0.Alpha3
netty-4.0.0.Alpha4
netty-4.0.0.Alpha5
netty-4.0.0.Alpha6
netty-4.0.0.Alpha7
netty-4.0.0.Alpha8
netty-4.0.0.Beta1
netty-4.0.0.Beta2
netty-4.0.0.Beta3
netty-4.0.0.CR1
netty-4.0.0.CR2
netty-4.0.0.CR3
netty-4.0.0.CR4
netty-4.0.0.CR5
netty-4.0.0.CR7
netty-4.0.0.CR8
netty-4.0.0.CR9
netty-4.0.0.Final
netty-4.0.1.Final
netty-4.0.10.Final
netty-4.0.11.Final
netty-4.0.12.Final
netty-4.0.13.Final
netty-4.0.14.Beta1
netty-4.0.14.Final
netty-4.0.15.Final
netty-4.0.2.Final
netty-4.0.3.Final
netty-4.0.4.Final
netty-4.0.5.Final
netty-4.0.6.Final
netty-4.0.7.Final
netty-4.0.8.Final
netty-4.1.0.Beta1
netty-4.1.0.Beta2
netty-4.1.0.Beta3
netty-4.1.0.Beta4
netty-4.1.0.Beta5
netty-4.1.0.Beta6
netty-4.1.0.Beta7
netty-4.1.0.Beta8
netty-4.1.0.CR1
netty-4.1.0.CR2
netty-4.1.0.CR3
netty-4.1.0.CR4
netty-4.1.0.CR5
netty-4.1.0.CR6
netty-4.1.0.CR7
netty-4.1.0.Final
netty-4.1.1.Final
netty-4.1.10.Final
netty-4.1.100.Final
netty-4.1.101.Final
netty-4.1.102.Final
netty-4.1.103.Final
netty-4.1.104.Final
netty-4.1.105.Final
netty-4.1.106.Final
netty-4.1.107.Final
netty-4.1.108.Final
netty-4.1.109.Final
netty-4.1.11.Final
netty-4.1.110.Final
netty-4.1.111.Final
netty-4.1.112.Final
netty-4.1.113.Final
netty-4.1.114.Final
netty-4.1.12.Final
netty-4.1.13.Final
netty-4.1.14.Final
netty-4.1.15.Final
netty-4.1.16.Final
netty-4.1.17.Final
netty-4.1.18.Final
netty-4.1.19.Final
netty-4.1.2.Final
netty-4.1.20.Final
netty-4.1.21.Final
netty-4.1.22.Final
netty-4.1.23.Final
netty-4.1.24.Final
netty-4.1.25.Final
netty-4.1.26.Final
netty-4.1.27.Final
netty-4.1.28.Final
netty-4.1.29.Final
netty-4.1.3.Final
netty-4.1.30.Final
netty-4.1.31.Final
netty-4.1.32.Final
netty-4.1.33.Final
netty-4.1.34.Final
netty-4.1.35.Final
netty-4.1.36.Final
netty-4.1.37.Final
netty-4.1.38.Final
netty-4.1.39.Final
netty-4.1.4.Final
netty-4.1.40.Final
netty-4.1.41.Final
netty-4.1.42.Final
netty-4.1.43.Final
netty-4.1.44.Final
netty-4.1.45.Final
netty-4.1.46.Final
netty-4.1.47.Final
netty-4.1.48.Final
netty-4.1.49.Final
netty-4.1.5.Final
netty-4.1.50.Final
netty-4.1.51.Final
netty-4.1.52.Final
netty-4.1.53.Final
netty-4.1.54.Final
netty-4.1.55.Final
netty-4.1.56.Final
netty-4.1.57.Final
netty-4.1.58.Final
netty-4.1.59.Final
netty-4.1.6.Final
netty-4.1.60.Final
netty-4.1.61.Final
netty-4.1.62.Final
netty-4.1.63.Final
netty-4.1.64.Final
netty-4.1.65.Final
netty-4.1.66.Final
netty-4.1.67.Final
netty-4.1.68.Final
netty-4.1.69.Final
netty-4.1.7.Final
netty-4.1.70.Final
netty-4.1.71.Final
netty-4.1.72.Final
netty-4.1.73.Final
netty-4.1.74.Final
netty-4.1.75.Final
netty-4.1.76.Final
netty-4.1.77.Final
netty-4.1.78.Final
netty-4.1.79.Final
netty-4.1.8.Final
netty-4.1.80.Final
netty-4.1.81.Final
netty-4.1.82.Final
netty-4.1.83.Final
netty-4.1.84.Final
netty-4.1.85.Final
netty-4.1.86.Final
netty-4.1.87.Final
netty-4.1.88.Final
netty-4.1.89.Final
netty-4.1.9.Final
netty-4.1.90.Final
netty-4.1.91.Final
netty-4.1.92.Final
netty-4.1.93.Final
netty-4.1.94.Final
netty-4.1.95.Final
netty-4.1.96.Final
netty-4.1.97.Final
netty-4.1.98.Final
netty-4.1.99.Final

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java"
            },
            "id": "CVE-2024-47535-312d9ec9",
            "digest": {
                "line_hashes": [
                    "166686227897301829885658732484156620069",
                    "338199664978331893706288835054325914109",
                    "333844862478923356483947278663418408535",
                    "30299373726973676235516046002186433842",
                    "276188118370802735731850607401984134597",
                    "45095805959474537601101869050583409659",
                    "189675886038757376618685406382303182998",
                    "294999866087430247081549360346378888010",
                    "257930876854715798470687142747344925701",
                    "270774767595543351562648748906932209312",
                    "224010829204928704183181521589901644470",
                    "211881874870366905873612478447571736845",
                    "179755837526237526144560645107753276091"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "common/src/main/java/io/netty/util/NetUtil.java",
                "function": "sysctlGetInt"
            },
            "id": "CVE-2024-47535-5f2f4cb6",
            "digest": {
                "function_hash": "1974643081959799338592584384667260683",
                "length": 596.0
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java",
                "function": "addFilesystemOsClassifiers"
            },
            "id": "CVE-2024-47535-7664cdc5",
            "digest": {
                "function_hash": "111912646721553965673044991457258119274",
                "length": 1424.0
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "resolver-dns/src/main/java/io/netty/resolver/dns/ResolvConf.java",
                "function": "fromFile"
            },
            "id": "CVE-2024-47535-7b5639c6",
            "digest": {
                "function_hash": "165917830565648764096615959332650890143",
                "length": 202.0
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "common/src/main/java/io/netty/util/NetUtil.java"
            },
            "id": "CVE-2024-47535-802f87a0",
            "digest": {
                "line_hashes": [
                    "16762015704362057022778493324526889219",
                    "47607099033499225847371922182548007909",
                    "111172853284008564449751835500903358693",
                    "85139183619659052782380409988654414091",
                    "60018189351330671423843985651896602779",
                    "90242315034260173897935274022223238025",
                    "311208516658333464509242675757320203091",
                    "47773376524229423091246660731822413204",
                    "183444788174446444853210825843572513991",
                    "261717030798001533095845169314622236541",
                    "26819898747790684701057646211584236550",
                    "337768324588618013613145614648324044757",
                    "136146164487655917984328871645159872535",
                    "321802039922679578482587554457208860971"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java"
            },
            "id": "CVE-2024-47535-a6664315",
            "digest": {
                "line_hashes": [
                    "224108032375300166892128501174872838558",
                    "29648758531012150249465039178044718644",
                    "28206044157676502057221912642345890209",
                    "316693582380947112570002570135330274707",
                    "148778521742000663538604612069632520146",
                    "8114227674360508904033866795253305674"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "common/src/main/java/io/netty/util/NetUtil.java",
                "function": "run"
            },
            "id": "CVE-2024-47535-d4540c53",
            "digest": {
                "function_hash": "260072840418062689595964239672649660955",
                "length": 1128.0
            }
        },
        {
            "signature_version": "v1",
            "source": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java",
                "function": "run"
            },
            "id": "CVE-2024-47535-f9d7df7c",
            "digest": {
                "function_hash": "165658413103519467228314272385612798662",
                "length": 1091.0
            }
        }
    ]
}