CVE编号
CVE-2021-21409利用情况
暂无补丁情况
官方补丁披露时间
2021-03-31漏洞描述
Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 存在环境问题漏洞,该漏洞导致请求走私。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
参考链接 |
|
|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295 | |
| https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 | |
| https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 | |
| https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj | |
| https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904... | |
| https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e30... | |
| https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb5... | |
| https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fd... | |
| https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815ca... | |
| https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a970... | |
| https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c4... | |
| https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afea... | |
| https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d... | |
| https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca86... | |
| https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c6... | |
| https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424... | |
| https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc... | |
| https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc... | |
| https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6... | |
| https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837fea... | |
| https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f8... | |
| https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b... | |
| https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031de... | |
| https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d4603... | |
| https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a003118... | |
| https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e... | |
| https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b... | |
| https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46... | |
| https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d629374... | |
| https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d63... | |
| https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2... | |
| https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b5282... | |
| https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697... | |
| https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb77922... | |
| https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f... | |
| https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245d... | |
| https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b... | |
| https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae... | |
| https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d... | |
| https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80... | |
| https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb... | |
| https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d... | |
| https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9... | |
| https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb... | |
| https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f0... | |
| https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b6... | |
| https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f2397... | |
| https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4f... | |
| https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04... | |
| https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c... | |
| https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d... | |
| https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c8459... | |
| https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e47... | |
| https://security.netapp.com/advisory/ntap-20210604-0003/ | |
| https://www.debian.org/security/2021/dsa-4885 | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpujan2022.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | netty | netty | * |
Up to (excluding) 4.1.61 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | netty | * |
Up to (excluding) 1:4.1.33-1+deb10u2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | netty | * |
Up to (excluding) 4.1.48-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | netty | * |
Up to (excluding) 4.1.7-2+deb9u1 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 N/A
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...