CVE-2024-47535
Publication date 12 November 2024
Last updated 11 July 2025
Ubuntu priority
Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| netty-3.9 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| netty | 25.10 questing | Ignored only affects Windows |
| 25.04 plucky | Ignored only affects Windows | |
| 24.04 LTS noble | Ignored only affects Windows | |
| 22.04 LTS jammy | Ignored only affects Windows | |
| 20.04 LTS focal | Ignored only affects Windows | |
| 18.04 LTS bionic | Ignored only affects Windows | |
| 16.04 LTS xenial | Ignored only affects Windows | |
| 14.04 LTS trusty | Ignored only affects Windows |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |