CVE-2014-0193

Name of the Vulnerable Software and Affected Versions Netty versions 3.6.x through 3.6.8 Netty versions 3.7.x through 3.7.0 Netty versions 3.8.x through 3.8.1 Netty versions 3.9.x through 3.9.0 Netty versions 4.0.x through 4.0.18

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption. This is achieved by sending a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. The WebSocket08FrameDecoder is the component affected by this issue.

Recommendations For Netty versions 3.6.x through 3.6.8, update to version 3.6.9 or later. For Netty versions 3.7.x through 3.7.0, update to version 3.7.1 or later. For Netty versions 3.8.x through 3.8.1, update to version 3.8.2 or later. For Netty versions 3.9.x through 3.9.0, update to version 3.9.1 or later. For Netty versions 4.0.x through 4.0.18, update to version 4.0.19 or later.