OESA-2024-2379

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2379

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-2379.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-2379

Upstream

CVE-2024-29025

Published

2024-11-15T12:19:18Z

Modified

2025-08-12T05:43:06.227202Z

Summary

netty3 security update

Details

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.

Security Fix(es):

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.(CVE-2024-29025)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS / netty3

Package

Name: netty3
Purl: pkg:rpm/openEuler/netty3&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.6-9.oe2403

Ecosystem specific

{
    "noarch": [
        "netty3-3.10.6-9.oe2403.noarch.rpm"
    ],
    "src": [
        "netty3-3.10.6-9.oe2403.src.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / netty3

Package

Name: netty3
Purl: pkg:rpm/openEuler/netty3&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.6-9.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "netty3-3.10.6-9.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "netty3-3.10.6-9.oe2203sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / netty3

Package

Name: netty3
Purl: pkg:rpm/openEuler/netty3&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.6-9.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "netty3-3.10.6-9.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "netty3-3.10.6-9.oe2203sp3.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / netty3

Package

Name: netty3
Purl: pkg:rpm/openEuler/netty3&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.6-9.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "netty3-3.10.6-9.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "netty3-3.10.6-9.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / netty3

Package

Name: netty3
Purl: pkg:rpm/openEuler/netty3&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.6-9.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "netty3-3.10.6-9.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "netty3-3.10.6-9.oe2203sp1.src.rpm"
    ]
}