CVE编号
CVE-2021-21295利用情况
暂无补丁情况
官方补丁披露时间
2021-03-10漏洞描述
Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 存在环境问题漏洞,该漏洞源于请求以HTTP 2流的形式传入,则被转换为HTTP 1.1对象。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
参考链接 |
|
|---|---|
| https://github.com/Netflix/zuul/pull/980 | |
| https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 | |
| https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj | |
| https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b5... | |
| https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f6... | |
| https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692... | |
| https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904... | |
| https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62d... | |
| https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f97819... | |
| https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9d... | |
| https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec4... | |
| https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a66767... | |
| https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9... | |
| https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be... | |
| https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c500734000... | |
| https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987... | |
| https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac... | |
| https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf4... | |
| https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a46... | |
| https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab8... | |
| https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e6... | |
| https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6f... | |
| https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b1... | |
| https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc... | |
| https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c6... | |
| https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d... | |
| https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb15... | |
| https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a6... | |
| https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd7766... | |
| https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca86... | |
| https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a... | |
| https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c6... | |
| https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6... | |
| https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a2... | |
| https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc... | |
| https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beec... | |
| https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b... | |
| https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee... | |
| https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999... | |
| https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a75... | |
| https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5... | |
| https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d019... | |
| https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d727... | |
| https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88... | |
| https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc... | |
| https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e... | |
| https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ff... | |
| https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd... | |
| https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd779... | |
| https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214... | |
| https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcec... | |
| https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9... | |
| https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a... | |
| https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d63... | |
| https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2... | |
| https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404... | |
| https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a... | |
| https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26... | |
| https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38... | |
| https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b5617841864... | |
| https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c... | |
| https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852... | |
| https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff6609875... | |
| https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc42... | |
| https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca7078... | |
| https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9... | |
| https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda... | |
| https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38eceb... | |
| https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f... | |
| https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae... | |
| https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d5... | |
| https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be... | |
| https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8e... | |
| https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa37... | |
| https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946... | |
| https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80... | |
| https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb... | |
| https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c1... | |
| https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d... | |
| https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1... | |
| https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293... | |
| https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78... | |
| https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f2397... | |
| https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f4... | |
| https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39a... | |
| https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c... | |
| https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e47... | |
| https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb03... | |
| https://security.netapp.com/advisory/ntap-20210604-0003/ | |
| https://www.debian.org/security/2021/dsa-4885 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | netty | netty | * |
Up to (excluding) 4.1.60 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | netty | * |
Up to (excluding) 1:4.1.33-1+deb10u2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | netty | * |
Up to (excluding) 4.1.48-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | netty | * |
Up to (excluding) 4.1.7-2+deb9u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | netty | * |
Up to (excluding) 4.1.48-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | netty | * |
Up to (excluding) 4.1.13-lp152.3.3.1 |
|||||
- 攻击路径 远程
- 攻击复杂度 困难
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 N/A
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...