Overview
About vulnerability
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final, Netty’s epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. This vulnerability is fixed in 4.2.13.Final.
Details
- Affected product:
  - Apache CXF, Apache Kafka, Apache Log4j, Apache Lucene, Apache Solr, Apache Spark, Eclipse Jetty, Netty, Spring, Wildfly, artemis, async-http-client, avro, azure-sdk-for-java, bolt-connection-java, cassandra-java-driver, couchbase-jvm-clients, elasticsearch, grpc-java, grpc-netty, infinispan, java-driver, lettuce, logging-flume, neo4j-java-driver, neo4j-ogm, netty, pulsar, rabbitmq-stream-java-client, rsocket-java, tika, wildfly, zookeeper
- Affected packages:
  - apache-cxf @ 3.5.11 (+11109 more)