CVE-2024-47535

Published: Nov 12, 2024Modified: Sep 5, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

Affected (1)

Products: Netty: Netty

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netty Netty	Before 4.1.115

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3

Source: security-advisories@github.com

Patch

https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

Source: security-advisories@github.com

ExploitVendor Advisory

Timeline

No history available yet.