Netty 环境问题漏洞

CNNVD-ID编号	CNNVD-202001-1317
CVE编号	CVE-2019-20444
发布时间	2020-01-29
更新时间	2021-01-14
漏洞类型	环境问题
漏洞来源	N/A
危险等级	超危
威胁类型	远程
厂商	N/A

漏洞介绍

Netty是Netty社区的一款非阻塞I/O客户端-服务器框架，它主要用于开发Java网络应用程序，如协议服务器和客户端等。

Netty 4.1.44之前版本中的HttpObjectDecoder.java文件存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。

漏洞补丁

目前厂商已发布升级了Netty 环境问题漏洞的补丁，Netty 环境问题漏洞的补丁获取链接：

https://github.com/netty/netty/issues/9866

参考网址

来源:github.com

链接：https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0806
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0805
来源:MLIST

链接：https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0606
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0804
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0605
来源:MISC

链接：https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0567
来源:MISC

链接：https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0601
来源:MLIST

链接：https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
来源:MISC

链接：https://github.com/netty/netty/issues/9866
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
来源:MISC

链接：https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E
来源:UBUNTU

链接：https://usn.ubuntu.com/4532-1/
来源:MLIST

链接：https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0811
来源:lists.apache.org

链接：https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0497
来源:MLIST

链接：https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:MLIST

链接：https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
来源:MLIST

链接：https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E
来源:lists.apache.org

链接：https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html
来源:MLIST

链接：https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0497
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2019-20445-cve-2019-20444/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157214/Red-Hat-Security-Advisory-2020-1445-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156611/Red-Hat-Security-Advisory-2020-0567-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0504/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159741/Ubuntu-Security-Notice-USN-4600-2.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2378/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0786/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2588/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0691/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156325/Red-Hat-Security-Advisory-2020-0497-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156880/Red-Hat-Security-Advisory-2020-0951-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2619/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-netty-cve-2019-20445-cve-2019-20444/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48860
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1882/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1335/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-spectrum-scale-transparent-cloud-tiering-cve-2019-20445-cve-2019-20444/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156868/Red-Hat-Security-Advisory-2020-0939-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3655/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158651/Red-Hat-Security-Advisory-2020-3197-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0915/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-20444
来源:http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16

链接：http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0583/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-mobile-enterprise-gateway-has-security-vulnerabilities-cve-2019-2044-cve-2019-2045/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1858/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1030/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3055/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-20445-cve-2019-20444/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159269/Ubuntu-Security-Notice-USN-4532-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3697/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157835/Red-Hat-Security-Advisory-2020-2321-01.html

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-1317