Details
- Bug
- Status: Open
- Critical
- Resolution: Unresolved
- 3.6.3, 3.7.0
- None
- None
- None
Description
The Netty library used in ZooKeeper has the below high security vulnerabilities reported.
BDSA-2021-2832
Affected Component(s): Netty Project
Vulnerability Published: 2021-09-23 06:15 EDT
Vulnerability Updated: 2021-09-23 06:15 EDT
CVSS Score: 6.5 (overall), 7.5 (base)
Summary: Netty is vulnerable to excessive memory usage due to being unable to set size restrictions on decompressed data input. An attacker could exploit this by supplying crafted input in order to cause a denial-of-service (DoS).
Solution: Fixed in version netty-4.1.68.Final
BDSA-2021-2831
Affected Component(s): Netty Project
Vulnerability Published: 2021-09-22 07:35 EDT
Vulnerability Updated: 2021-09-22 07:35 EDT
CVSS Score: 6.5 (overall), 7.5 (base)
Summary: Netty is susceptible to excessive memory usage due to missing chunk length restrictions and the potential buffering of reserved skippable chunks until the complete chunk has been received. An attacker could exploit this by supplying crafted input in order to cause a denial-of-service (DoS).
Solution: Fixed in version netty-4.1.68.Final
Request to update the library to netty-4.1.68.Final where the vulnerability is fixed.
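One way to check a deployment against the fixed version requested above, as an added example that is not part of the original issue or of the ZooKeeper project. The function names and sample jar names are constructed, and the file-name pattern assumes Netty 4.x artifact naming (`netty-<module>-<version>.Final[-<classifier>].jar`).

```python
import re
import sys
from pathlib import Path

# Fixed release named in the issue: netty-4.1.68.Final
FIXED = (4, 1, 68)

# Assumed Netty 4.x jar naming; native transports carry a trailing classifier.
JAR_RE = re.compile(
    r"^(netty-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)\.([A-Za-z0-9]+)(?:-[\w.-]+)?\.jar$"
)

def parse_netty_jar(name):
    """Return (artifact, (major, minor, patch), qualifier) or None if not a Netty 4.x jar."""
    m = JAR_RE.match(name)
    if not m:
        return None
    artifact, major, minor, patch, qualifier = m.groups()
    return artifact, (int(major), int(minor), int(patch)), qualifier

def is_outdated(version, qualifier):
    """True when the jar predates FIXED; a non-Final build of FIXED is also flagged."""
    if version != FIXED:
        return version < FIXED
    return qualifier != "Final"

def outdated_jars(names):
    """Filter an iterable of jar file names down to Netty jars older than FIXED."""
    hits = []
    for name in names:
        parsed = parse_netty_jar(name)
        if parsed and is_outdated(parsed[1], parsed[2]):
            hits.append(name)
    return sorted(hits)

def scan_dir(lib_dir):
    """Check every jar under a directory tree, e.g. a ZooKeeper lib/ folder."""
    return outdated_jars(p.name for p in Path(lib_dir).rglob("*.jar"))

if __name__ == "__main__":
    # Usage: python check_netty.py /path/to/zookeeper/lib
    found = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else []
    for jar in found:
        print(f"older than netty-4.1.68.Final: {jar}")
    sys.exit(1 if found else 0)
```

The non-zero exit status when an older jar is found lets the script gate a build or deployment step.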