Oval Definition:oval:org.opensuse.security:def:202241881
Revision Date:2023-06-22Version:1
Title:CVE-2022-41881
Description:

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-41881
SUSE CVE-2022-41881
SUSE-SU-2023:2096-1
SUSE-SU-2023:2096-2
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Module for Package Hub 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Package Hub 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • netty-4.1.90-150200.4.14.1 is installed
  • OR netty-javadoc-4.1.90-150200.4.14.1 is installed
  • OR netty-poms-4.1.90-150200.4.14.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • netty-tcnative-2.0.59-150200.3.10.1 is installed
  • OR netty3 is not affected
    • BACK