CVE-2014-0193
medium
CVSS v3
—
VIR risk
5.0
Description
Netty denial of service vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | io.netty:netty | >=3.6.0.Beta1,<3.6.9.Final | 3.6.9.Final |
| Maven | io.netty:netty | >=3.7.0.Final,<3.7.1.Final | 3.7.1.Final |
| Maven | io.netty:netty | >=3.8.0.Final,<3.8.2.Final | 3.8.2.Final |
| Maven | io.netty:netty | >=3.9.0.Final,<3.9.1.Final | 3.9.1.Final |
| Maven | io.netty:netty | >=4.0.0.Alpha1,<4.0.19.Final | 4.0.19.Final |
| Maven | io.netty:netty-all | >=4.0.0.Alpha1,<4.0.19.Final | 4.0.19.Final |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| netty | netty | 3.6.0 | |
| netty | netty | 3.6.1 | |
| netty | netty | 3.6.2 | |
| netty | netty | 3.6.3 | |
| netty | netty | 3.6.4 | |
| netty | netty | 3.6.5 | |
| netty | netty | 3.6.6 | |
| netty | netty | 3.6.7 | |
| netty | netty | 3.6.8 | |
| netty | netty | 3.7.0 | |
| netty | netty | 3.8.0 | |
| netty | netty | 3.8.1 | |
| netty | netty | 3.9.0 | |
| netty | netty | 4.0.0 | |
| netty | netty | 4.0.1 | |
| netty | netty | 4.0.2 | |
| netty | netty | 4.0.3 | |
| netty | netty | 4.0.4 | |
| netty | netty | 4.0.5 | |
| netty | netty | 4.0.6 | |
| netty | netty | 4.0.7 | |
| netty | netty | 4.0.8 | |
| netty | netty | 4.0.9 | |
| netty | netty | 4.0.10 | |
| netty | netty | 4.0.11 | |
| netty | netty | 4.0.12 | |
| netty | netty | 4.0.13 | |
| netty | netty | 4.0.14 | |
| netty | netty | 4.0.15 | |
| netty | netty | 4.0.16 | |
| netty | netty | 4.0.17 | |
| netty | netty | 4.0.18 | |
References
- http://netty.io/news/2014/04/30/release-day.html
- http://rhn.redhat.com/errata/RHSA-2014-1019.html
- http://rhn.redhat.com/errata/RHSA-2014-1020.html
- http://rhn.redhat.com/errata/RHSA-2014-1021.html
- http://rhn.redhat.com/errata/RHSA-2014-1351.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://secunia.com/advisories/58280
- http://secunia.com/advisories/59290
- http://www.securityfocus.com/bid/67182
- https://github.com/netty/netty/issues/2441
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-0193
- https://github.com/netty/netty/commit/8599ab5bdb761bb99d41a975d689f74c12e4892b
- https://github.com/netty/netty
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
- https://web.archive.org/web/20140509033427/http://www.securityfocus.com/bid/67182
- https://web.archive.org/web/20140509044857/http://secunia.com/advisories/58280
- https://web.archive.org/web/20161119201425/http://secunia.com/advisories/59290
- https://security-tracker.debian.org/tracker/CVE-2014-0193
CWEs
CWE-399
💬 Discuss CVE-2014-0193 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.