Netty · Netty · CVE-2024-47535
**Name of the Vulnerable Software and Affected Versions**
Netty versions prior to 4.1.115
**Description**
The issue is an unsafe, unbounded read of environment files that can cause a denial of service in Netty. When used in an application running on Windows, Netty attempts to read a file that normally does not exist there. If an attacker creates a large file at that path, the Netty application crashes. The vulnerability lies in the `normalizeOs()` function in `PlatformDependent.java`, which does not verify the operating system before reading `C:\etc\os-release` and `C:\usr\lib\os-release`. An attacker can exploit this by creating a file larger than 1 GB in these locations, causing the Netty application to exceed the JVM memory limit and crash.
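The pattern described above, as an added illustration that is not Netty's own code: an unbounded whole-file read beside a hardened variant that checks the OS first and caps how many bytes it will ever load. The class and method names are made up for this example; the 64 KiB cap is an assumed generous upper bound for a legitimate `os-release` file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;

public class OsReleaseReader {
    // Assumed cap: a real os-release file is a few hundred bytes, so 64 KiB is generous.
    private static final int MAX_OS_RELEASE_BYTES = 64 * 1024;

    /** Vulnerable pattern: reads the whole file into memory regardless of OS or size. */
    static String readOsReleaseUnbounded(Path path) throws IOException {
        // Allocates a byte[] the size of the file; a >1 GB attacker-created file
        // at C:\etc\os-release exhausts the heap and the JVM dies with OutOfMemoryError.
        return new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
    }

    /** Hardened pattern: only read on Linux, and never read more than a fixed cap. */
    static String readOsReleaseBounded(Path path, String osName) throws IOException {
        // os-release is a Linux convention; on Windows "/etc/os-release" resolves to
        // C:\etc\os-release, a location an unprivileged user may be able to create.
        if (!osName.toLowerCase(Locale.US).startsWith("linux") || !Files.isRegularFile(path)) {
            return null;
        }
        if (Files.size(path) > MAX_OS_RELEASE_BYTES) {
            throw new IOException("os-release exceeds " + MAX_OS_RELEASE_BYTES + " bytes");
        }
        byte[] buf = new byte[MAX_OS_RELEASE_BYTES];
        try (InputStream in = Files.newInputStream(path)) {
            int total = 0, n;
            // The size check above is racy (the file can grow after it), so the read
            // itself is also bounded by the fixed buffer instead of by the file length.
            while (total < buf.length && (n = in.read(buf, total, buf.length - total)) != -1) {
                total += n;
            }
            if (total == buf.length && in.read() != -1) {
                throw new IOException("os-release grew past the cap during read");
            }
            return new String(buf, 0, total, StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        Path p = Paths.get("/etc/os-release");
        System.out.println(readOsReleaseBounded(p, System.getProperty("os.name")));
    }
}
```

On Windows the hardened method returns `null` without touching the filesystem, which is the behaviour the missing OS check in `normalizeOs()` should have provided.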
**Recommendations**
For Netty versions prior to 4.1.115, update to version 4.1.115 or later to fix the vulnerability. As a temporary workaround, restrict write access to the `C:\etc\os-release` and `C:\usr\lib\os-release` locations so that an attacker cannot create a large file there. Additionally, monitor JVM memory usage to detect potential crashes caused by this issue.