Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
History

Thu, 12 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat migration Toolkit Runtimes
CPEs cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Vendors & Products Redhat migration Toolkit Runtimes

Fri, 16 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

Thu, 08 Aug 2024 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Vendors & Products Redhat jboss Enterprise Application Platform

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-25T20:09:35.156Z

Updated: 2024-08-02T01:03:51.668Z

Reserved: 2024-03-14T16:59:47.611Z

Link: CVE-2024-29025

cve-icon Vulnrichment

Updated: 2024-08-02T01:03:51.668Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-25T20:15:08.797

Modified: 2024-11-21T09:07:23.890

Link: CVE-2024-29025

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-25T00:00:00Z

Links: CVE-2024-29025 - Bugzilla