NVD Vulnerability Details: CVE-2022-41915
Analyzed
Source: security-advisories@github.com
Published At: 13 Dec, 2022 | 07:15
Updated At: 01 Mar, 2023 | 15:09

The Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call into a `remove()` call, followed by calling `add()` in a loop over the iterator of values.
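
The workaround described above, written out as an added example (not code from Netty or the advisory). The class and helper names are hypothetical, the header values are constructed, and staging the values in a scratch `DefaultHttpHeaders` before the `remove()` is an addition so that a rejected value leaves the existing header untouched.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

public final class HeaderSetWorkaround {

    // Hypothetical helper: replaces every value of `name` using remove() + add()
    // instead of the multi-value set() overload, so each value goes through the
    // per-value validation that add() performs.
    static HttpHeaders replaceAll(HttpHeaders headers, CharSequence name, Iterator<?> values) {
        // Stage into a scratch instance first (validation is on by default).
        // If any value is rejected, `headers` has not been modified yet.
        HttpHeaders staged = new DefaultHttpHeaders();
        while (values.hasNext()) {
            staged.add(name, values.next()); // IllegalArgumentException on an invalid value
        }
        headers.remove(name);
        headers.add(staged);
        return headers;
    }

    public static void main(String[] args) {
        HttpHeaders headers = new DefaultHttpHeaders().add("X-Tag", "old");

        // Benign values: the old value is replaced by the new ones.
        replaceAll(headers, "X-Tag", Arrays.asList("a", "b").iterator());
        System.out.println("after benign update: " + headers.getAll("X-Tag"));

        // Constructed value carrying CR/LF followed by a second header line,
        // the shape of input that response splitting depends on.
        List<String> tainted = Arrays.asList("c", "d\r\nSet-Cookie: sid=constructed");
        try {
            replaceAll(headers, "X-Tag", tainted.iterator());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // The header still holds the values from the last successful update.
        System.out.println("after rejected update: " + headers.getAll("X-Tag"));
    }
}
```

Compile and run it with a Netty 4.1.x `netty-codec-http` jar and its dependencies on the classpath.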

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches

The Netty Project
netty
>>netty>>Versions from 4.1.83(inclusive) to 4.1.86(exclusive)
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-113
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-436
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-436
Type: Secondary
Source: nvd@nist.gov
References
Hyperlink: https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4
Source: security-advisories@github.com
Resource: Patch, Third Party Advisory
Hyperlink: https://github.com/netty/netty/issues/13084
Source: security-advisories@github.com
Resource: Exploit, Issue Tracking, Third Party Advisory
Hyperlink: https://github.com/netty/netty/pull/12760
Source: security-advisories@github.com
Resource: Patch, Third Party Advisory
Hyperlink: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
Source: security-advisories@github.com
Resource: Mitigation, Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
Source: security-advisories@github.com
Resource: Mailing List, Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230113-0004/
Source: security-advisories@github.com
Resource: Third Party Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5316
Source: security-advisories@github.com
Resource: Third Party Advisory