Description
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
Reserved 2020-01-29 | Published 2020-01-29 | Updated 2024-08-05 | Assigner mitre
References
github.com/netty/netty/issues/9866
github.com/...ompare/netty-4.1.43.Final...netty-4.1.44.Final
lists.apache.org/...769285b41e948@ ([druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444) mailing-list
lists.apache.org/...2deb6f8c80bf2@ ([druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444) mailing-list
lists.apache.org/...7c3bf2def9114@ ([druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444) mailing-list
lists.apache.org/...bc4f54c593@ ([zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...8fabc46115986@ ([zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...cf5b6138f9@ ([zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...fbb@
lists.apache.org/...02b@
lists.apache.org/...f276148b08@ ([zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...5c5b153a62@ ([zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...319@
lists.apache.org/...41d95682d@
lists.apache.org/...201676c60@
lists.apache.org/...41e32f760a@ ([zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...209db136e8cb7@ ([zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38) mailing-list
lists.apache.org/...24987706636c5@ ([zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39) mailing-list
lists.apache.org/...19dc00f01cf0b@ ([zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361) mailing-list
lists.apache.org/...2d7@
lists.apache.org/...1faafb2fb5@ ([zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...74fc2499b@
lists.apache.org/...4362feb6f@
lists.apache.org/...964bcedd7d@ ([zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445) mailing-list
lists.apache.org/...749@
access.redhat.com/errata/RHSA-2020:0497 (RHSA-2020:0497) vendor-advisory
lists.apache.org/...4764b183d@ ([cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities) mailing-list
lists.apache.org/...015d91@ ([hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,) mailing-list
lists.apache.org/...d16543@ ([hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
lists.apache.org/...6336c9@ ([hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
lists.debian.org/debian-lts-announce/2020/02/msg00017.html ([debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update) mailing-list
lists.debian.org/debian-lts-announce/2020/02/msg00018.html ([debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update) mailing-list
lists.apache.org/...a08762@ ([hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
lists.apache.org/...7923a5@ ([hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
access.redhat.com/errata/RHSA-2020:0601 (RHSA-2020:0601) vendor-advisory
access.redhat.com/errata/RHSA-2020:0606 (RHSA-2020:0606) vendor-advisory
access.redhat.com/errata/RHSA-2020:0605 (RHSA-2020:0605) vendor-advisory
access.redhat.com/errata/RHSA-2020:0567 (RHSA-2020:0567) vendor-advisory
lists.apache.org/...d1fa41@ ([hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
lists.apache.org/...baa836@ ([hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
lists.apache.org/...477d4@ ([hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869) mailing-list
lists.apache.org/...4c0b9@ ([hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869) mailing-list
lists.apache.org/...c62c6@ ([hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869) mailing-list
lists.apache.org/...432532@ ([hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869) mailing-list
access.redhat.com/errata/RHSA-2020:0806 (RHSA-2020:0806) vendor-advisory
access.redhat.com/errata/RHSA-2020:0811 (RHSA-2020:0811) vendor-advisory
access.redhat.com/errata/RHSA-2020:0804 (RHSA-2020:0804) vendor-advisory
access.redhat.com/errata/RHSA-2020:0805 (RHSA-2020:0805) vendor-advisory
lists.apache.org/...6ef6ce1b118d34d8d@ ([geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12) mailing-list
lists.apache.org/...42f4ba73b800db78f@ ([geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12) mailing-list
lists.apache.org/...12c7eefa3@ ([cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6) mailing-list
lists.apache.org/...e64e840a0@ ([bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image) mailing-list
lists.debian.org/debian-lts-announce/2020/09/msg00004.html ([debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update) mailing-list
lists.debian.org/debian-lts-announce/2020/09/msg00003.html ([debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update) mailing-list
lists.apache.org/...c1e6f0101742e7@ ([flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink) mailing-list
lists.apache.org/...066fcd2ae66e16a2f@ ([flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink) mailing-list
usn.ubuntu.com/4532-1/ (USN-4532-1) vendor-advisory
lists.fedoraproject.org/...TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/ (FEDORA-2020-66b5f85ccc) vendor-advisory
lists.apache.org/...62e253401106e@ ([camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)) mailing-list
lists.apache.org/...908ce7624d26@ ([pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list) mailing-list
lists.apache.org/...da5233f9f1ec@ ([pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444) mailing-list
lists.apache.org/...fea3800143e4@ ([pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444) mailing-list
lists.apache.org/...3c4f9c1ec9c2@ ([pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444) mailing-list
www.debian.org/security/2021/dsa-4885 (DSA-4885) vendor-advisory
lists.apache.org/...11e717caf3e49e@ ([flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx) mailing-list
lists.apache.org/...d04ffbc135f35f@ ([spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445) mailing-list
cve.org (CVE-2019-20444)
nvd.nist.gov (CVE-2019-20444)