CVE-2024-29025

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 25, 2024
Updated: Jun 21, 2024
CWE ID 770

Summary

CVE-2024-29025 is a vulnerability in the `HttpPostRequestDecoder` component of Netty, an event-driven network application framework. An attacker can exploit this issue by sending a chunked POST request with a large number of small fields, causing the decoder to accumulate data indefinitely in the `undecodedChunk` buffer. The decoder does not impose limits on the number of fields a form can have, allowing an attacker to potentially exhaust available memory. This vulnerability is resolved in Netty version 4.1.108.Final.
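The two bounds whose absence the summary describes, shown as an added example that is not Netty's code or its fix: a hypothetical `BoundedFormDecoder` that caps both the number of form fields and the undecoded data held between chunks. The class name, parameter names and the limit values 128 and 1024 are assumptions chosen for illustration.

```java
// Hypothetical model of an incremental form decoder; not Netty's implementation.
public class BoundedFormDecoder {
    private final int maxFields;    // cap on completed fields (assumed parameter)
    private final int maxBuffered;  // cap on undecoded characters kept between chunks
    private final StringBuilder undecoded = new StringBuilder();
    private int fields;

    public BoundedFormDecoder(int maxFields, int maxBuffered) {
        this.maxFields = maxFields;
        this.maxBuffered = maxBuffered;
    }

    // Feed one chunk of an application/x-www-form-urlencoded body.
    public void offer(String chunk) {
        undecoded.append(chunk);
        int amp;
        while ((amp = undecoded.indexOf("&")) >= 0) {
            undecoded.delete(0, amp + 1);  // field is complete, release its characters
            if (++fields > maxFields) {
                throw new IllegalStateException("more than " + maxFields + " form fields");
            }
        }
        // Whatever remains is a partial field waiting for more data.
        if (undecoded.length() > maxBuffered) {
            throw new IllegalStateException("more than " + maxBuffered + " undecoded characters");
        }
    }

    // Returns the rejection reason, or null if every chunk was accepted.
    static String feed(BoundedFormDecoder d, String chunk, int times) {
        try {
            for (int i = 0; i < times; i++) d.offer(chunk);
            return null;
        } catch (IllegalStateException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the limits 128 and 1024 are illustrative values.
        // Case 1: many tiny fields, one per chunk.
        System.out.println(feed(new BoundedFormDecoder(128, 1024), "a=1&", 10_000));
        // Case 2: one field that never terminates, so the buffer only grows.
        System.out.println(feed(new BoundedFormDecoder(128, 1024), "xxxxxxxx", 10_000));
        // Case 3: an ordinary small form passes.
        System.out.println(feed(new BoundedFormDecoder(128, 1024), "user=bob&id=7&", 1));
    }
}
```

Without either check, the first two inputs would be accepted chunk after chunk and memory use would grow with the request; with them, the decoder fails early and the connection can be closed.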
