BDU:2023-08650

Vulnerability from fstec - Published: 19.10.2021
VLAI Severity ?
Title
Уязвимость функции декодирования кадров сетевого программного средства Netty, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции декодирования кадров сетевого программного средства Netty связана с неконтролируемым расходом ресурсов Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor
Сообщество свободного программного обеспечения, NetApp Inc., Red Hat Inc., Canonical Ltd., Oracle Corp., Novell Inc., АО "НППКТ", Apache Software Foundation, SonarSource
Software Name
Debian GNU/Linux, Oncommand Insight, JBoss Data Grid, Red Hat Single Sign-On, Red Hat JBoss Fuse, Red Hat OpenStack Platform, Red Hat JBoss Data Virtualization, Red Hat BPM Suite, Ubuntu, A-MQ Clients, Oracle Banking Digital Experience, Red Hat build of Quarkus, Red Hat Integration Camel K, Red Hat Integration Service Registry, OpenSUSE Leap, Red Hat JBoss BRMS, Red Hat JBoss Fuse Service Works, Oracle WebCenter Portal, OpenShift Logging, SUSE Manager Server, Red Hat OpenShift Container Platform, Oracle Banking APIs, Decision Manager, Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Diameter Signaling Router, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), SUSE Linux Enterprise Module for Package Hub, Red Hat JBoss Enterprise Application Platform, netty, Communications BRM - Elastic Charging Engine, quarkus, Red Hat Satellite, Oracle PeopleSoft Enterprise PeopleTools, Red Hat Fuse, SonarQube, Red Hat AMQ Streams, Red Hat AMQ, Logging subsystem for Red Hat OpenShift, Red Hat Integration Camel Quarkus, Red Hat Data Grid, Red Hat Process Automation Manager, Vert.x
Software Version
10 (Debian GNU/Linux), - (Oncommand Insight), 7 (JBoss Data Grid), 7 (Red Hat Single Sign-On), 6 (Red Hat JBoss Fuse), 10.0 (Newton) (Red Hat OpenStack Platform), 13.0 (Queens) (Red Hat OpenStack Platform), 6 (Red Hat JBoss Data Virtualization), 6 (Red Hat BPM Suite), 20.04 LTS (Ubuntu), 2 (A-MQ Clients), 19.1 (Oracle Banking Digital Experience), 19.2 (Oracle Banking Digital Experience), 20.1 (Oracle Banking Digital Experience), 16.04 ESM (Ubuntu), - (Red Hat build of Quarkus), - (Red Hat Integration Camel K), - (Red Hat Integration Service Registry), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 6 (Red Hat JBoss BRMS), 6 (Red Hat JBoss Fuse Service Works), 12.2.1.3.0 (Oracle WebCenter Portal), 12.2.1.4.0 (Oracle WebCenter Portal), 5.1 (OpenShift Logging), 5.2 (OpenShift Logging), 5.3 (OpenShift Logging), 4.2 (SUSE Manager Server), 4.1 (SUSE Manager Server), 3.11 (Red Hat OpenShift Container Platform), 4 (Red Hat OpenShift Container Platform), 21.1 (Oracle Banking Digital Experience), от 18.1 до 18.3 включительно (Oracle Banking APIs), 19.1 (Oracle Banking APIs), 19.2 (Oracle Banking APIs), 20.1 (Oracle Banking APIs), 21.1 (Oracle Banking APIs), 22.04 LTS (Ubuntu), 4.3 (SUSE Manager Server), 7 (Decision Manager), 11.3.2 (Commerce Guided Search), 1.10.0 (Communications Cloud Native Core Binding Support Function), 22.10 (Ubuntu), от 8.0.0.0 до 8.5.0.2 включительно (Communications Diameter Signaling Router), до 2.7 (ОСОН ОСнова Оnyx), 18.04 ESM (Ubuntu), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), 7 (Red Hat JBoss Enterprise Application Platform), до 4.1.68 (netty), до 12.0.0.4.6 (Communications BRM - Elastic Charging Engine), до 12.0.0.5.1 (Communications BRM - Elastic Charging Engine), от 18.1 до 18.3 включительно (Oracle Banking Digital Experience), до 2.2.4 (quarkus), 6.12 for RHEL 8 (Red Hat Satellite), 8.58 (Oracle PeopleSoft Enterprise PeopleTools), 8.57 (Oracle PeopleSoft Enterprise PeopleTools), 8.59 (Oracle PeopleSoft Enterprise PeopleTools), 7.10 (Red Hat Fuse), 9.3.3 (SonarQube), 7.4 for RHEL 8 (Red Hat JBoss Enterprise Application Platform), 7.4 on RHEL 7 (Red Hat JBoss Enterprise Application Platform), 2.0.0 (Red Hat AMQ Streams), 7.9.1 (Red Hat AMQ), 5.4 (Logging subsystem for Red Hat OpenShift), 2.2.1 (Red Hat Integration Camel Quarkus), 2.3.0 GA (Red Hat Integration Service Registry), 2.2.5 (Red Hat build of Quarkus), 8.3.0 (Red Hat Data Grid), 7.13.0 (Red Hat Process Automation Manager), 4.1.5 (Vert.x), 2.4.0 (Red Hat AMQ Streams), 2.5.0 (Red Hat AMQ Streams)
Possible Mitigations
Использование рекомендаций: Для Ubuntu: https://ubuntu.com/security/notices/USN-6049-1 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-37137 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2021-37137 Для программных продуктов NetApp Inc.: https://security.netapp.com/advisory/ntap-20220210-0012/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-37137.html Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html Для quarkus: Обновление программного обеспечения до версии 2.2.4 и выше Для программных продуктов SonarSource Компенсирующие меры: - использование антивирусных средств защиты для отслеживания попыток эксплуатации уязвимости; - мониторинг действий пользователей; - запуск приложений от имени пользователя с минимальными возможными привилегиями в операционной системе. Для ОСОН ОСнова Оnyx: Обновление программного обеспечения netty до версии 1:4.1.33-1+deb10u3
Reference
https://ubuntu.com/security/notices/USN-6049-1 https://security-tracker.debian.org/tracker/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-37137 https://security.netapp.com/advisory/ntap-20220210-0012/ https://www.suse.com/security/cve/CVE-2021-37137.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
CWE
CWE-400
To clipboard 

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, NetApp Inc., Red Hat Inc., Canonical Ltd., Oracle Corp., Novell Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Apache Software Foundation, SonarSource",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), - (Oncommand Insight), 7 (JBoss Data Grid), 7 (Red Hat Single Sign-On), 6 (Red Hat JBoss Fuse), 10.0 (Newton) (Red Hat OpenStack Platform), 13.0 (Queens) (Red Hat OpenStack Platform), 6 (Red Hat JBoss Data Virtualization), 6 (Red Hat BPM Suite), 20.04 LTS (Ubuntu), 2 (A-MQ Clients), 19.1 (Oracle Banking Digital Experience), 19.2 (Oracle Banking Digital Experience), 20.1 (Oracle Banking Digital Experience), 16.04 ESM (Ubuntu), - (Red Hat build of Quarkus), - (Red Hat Integration Camel K), - (Red Hat Integration Service Registry), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 6 (Red Hat JBoss BRMS), 6 (Red Hat JBoss Fuse Service Works), 12.2.1.3.0 (Oracle WebCenter Portal), 12.2.1.4.0 (Oracle WebCenter Portal), 5.1 (OpenShift Logging), 5.2 (OpenShift Logging), 5.3 (OpenShift Logging), 4.2 (SUSE Manager Server), 4.1 (SUSE Manager Server), 3.11 (Red Hat OpenShift Container Platform), 4 (Red Hat OpenShift Container Platform), 21.1 (Oracle Banking Digital Experience), \u043e\u0442 18.1 \u0434\u043e 18.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Oracle Banking APIs), 19.1 (Oracle Banking APIs), 19.2 (Oracle Banking APIs), 20.1 (Oracle Banking APIs), 21.1 (Oracle Banking APIs), 22.04 LTS (Ubuntu), 4.3 (SUSE Manager Server), 7 (Decision Manager), 11.3.2 (Commerce Guided Search), 1.10.0 (Communications Cloud Native Core Binding Support Function), 22.10 (Ubuntu), \u043e\u0442 8.0.0.0 \u0434\u043e 8.5.0.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Communications Diameter Signaling Router), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 18.04 ESM (Ubuntu), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), 7 (Red Hat JBoss Enterprise Application Platform), \u0434\u043e 4.1.68 (netty), \u0434\u043e 12.0.0.4.6 (Communications BRM - Elastic Charging Engine), \u0434\u043e 12.0.0.5.1 (Communications BRM - Elastic Charging Engine), \u043e\u0442 18.1 \u0434\u043e 18.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Oracle Banking Digital Experience), \u0434\u043e 2.2.4 (quarkus), 6.12 for RHEL 8 (Red Hat Satellite), 8.58 (Oracle PeopleSoft Enterprise PeopleTools), 8.57 (Oracle PeopleSoft Enterprise PeopleTools), 8.59 (Oracle PeopleSoft Enterprise PeopleTools), 7.10 (Red Hat Fuse), 9.3.3 (SonarQube), 7.4 for RHEL 8 (Red Hat JBoss Enterprise Application Platform), 7.4 on RHEL 7 (Red Hat JBoss Enterprise Application Platform), 2.0.0 (Red Hat AMQ Streams), 7.9.1 (Red Hat AMQ), 5.4 (Logging subsystem for Red Hat OpenShift), 2.2.1 (Red Hat Integration Camel Quarkus), 2.3.0 GA (Red Hat Integration Service Registry), 2.2.5 (Red Hat build of Quarkus), 8.3.0 (Red Hat Data Grid), 7.13.0 (Red Hat Process Automation Manager), 4.1.5 (Vert.x), 2.4.0 (Red Hat AMQ Streams), 2.5.0 (Red Hat AMQ Streams)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6049-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-37137\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-37137\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 NetApp Inc.:\nhttps://security.netapp.com/advisory/ntap-20220210-0012/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-37137.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpujul2022.html\n\n\u0414\u043b\u044f quarkus:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.2.4 \u0438 \u0432\u044b\u0448\u0435\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SonarSource\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f netty \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:4.1.33-1+deb10u3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.10.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08650",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-37137",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Oncommand Insight, JBoss Data Grid, Red Hat Single Sign-On, Red Hat JBoss Fuse, Red Hat OpenStack Platform, Red Hat JBoss Data Virtualization, Red Hat BPM Suite, Ubuntu, A-MQ Clients, Oracle Banking Digital Experience, Red Hat build of Quarkus, Red Hat Integration Camel K, Red Hat Integration Service Registry, OpenSUSE Leap, Red Hat JBoss BRMS, Red Hat JBoss Fuse Service Works, Oracle WebCenter Portal, OpenShift Logging, SUSE Manager Server, Red Hat OpenShift Container Platform, Oracle Banking APIs, Decision Manager, Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Diameter Signaling Router, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), SUSE Linux Enterprise Module for Package Hub, Red Hat JBoss Enterprise Application Platform, netty, Communications BRM - Elastic Charging Engine, quarkus, Red Hat Satellite, Oracle PeopleSoft Enterprise PeopleTools, Red Hat Fuse, SonarQube, Red Hat AMQ Streams, Red Hat AMQ, Logging subsystem for Red Hat OpenShift, Red Hat Integration Camel Quarkus, Red Hat Data Grid, Red Hat Process Automation Manager, Vert.x",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 16.04 ESM , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Canonical Ltd. Ubuntu 22.04 LTS , Canonical Ltd. Ubuntu 22.10 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Canonical Ltd. Ubuntu 18.04 ESM , Novell Inc. SUSE Linux Enterprise Module for Package Hub 15 SP5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0430\u0434\u0440\u043e\u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 Netty, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0430\u0434\u0440\u043e\u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 Netty \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ubuntu.com/security/notices/USN-6049-1\nhttps://security-tracker.debian.org/tracker/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://security.netapp.com/advisory/ntap-20220210-0012/\nhttps://www.suse.com/security/cve/CVE-2021-37137.html\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpujul2022.html\nhttps://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.