| Package | netty |
|---|---|
| Version | 1:4.1.7-2+deb9u5 (stretch) |
| Related CVEs | CVE-2024-29025 |
Julien Viet discovered that Netty, a Java NIO client/server socket framework, was vulnerable to allocation of resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. This would allow an attacker to cause a denial of service.
For Debian 9 stretch, these problems have been fixed in version 1:4.1.7-2+deb9u5.
We recommend that you upgrade your netty packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.