Skip to main content

Netty CVE-2014-0193

MEDIUM
Resource Management Errors (CWE-399)
2014-05-06 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
May 06, 2014 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

AnalysisAI

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-399. WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. Affected products include: Netty. Version information: before 3.6.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Netty

View all
CVE-2025-24970 HIGH POC
7.5 Feb 10

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final

CVE-2026-48748 HIGH POC
7.5 Jun 12

Denial of service in the Netty HTTP/3 codec (io.netty:netty-codec-http3) prior to version 4.2.15.Final allows remote una

CVE-2026-50011 HIGH POC
7.5 Jun 12

Denial of service in Netty's io.netty:netty-codec-redis component (prior to 4.1.135.Final and 4.2.15.Final) allows remot

CVE-2022-41881 HIGH POC
7.5 Dec 12

Netty project is an event-driven asynchronous network application framework. Rated high severity (CVSS 7.5), this vulner

CVE-2020-7238 HIGH POC
7.5 Jan 27

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Tr

CVE-2019-16869 HIGH POC
7.5 Sep 26

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked

CVE-2025-58057 MEDIUM POC
6.9 Sep 04

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan

CVE-2023-34462 MEDIUM POC
6.5 Jun 22

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan

CVE-2022-41915 MEDIUM POC
6.5 Dec 13

Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vuln

CVE-2024-47535 MEDIUM POC
5.5 Nov 12

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan

CVE-2022-24823 MEDIUM POC
5.5 May 06

Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this

CVE-2021-21290 MEDIUM POC
5.5 Feb 08

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable h

Share

CVE-2014-0193 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy