CVE-2020-11612 vulnerability in NetApp and Other Products
Published on April 7, 2020

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Github Repository Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-11612

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11612 are published in these products:

NetApp Oncommand Api Services

NetApp Oncommand Insight

NetApp Oncommand Workflow Automation

Netty

Debian Linux

Fedora Project Fedora

Oracle Communications Brm Elastic Charging Engine

Oracle Communications Cloud Native Core Service Communication Proxy

Oracle Communications Design Studio

Oracle Nosql Database

Oracle Siebel Core Server Framework

Oracle Webcenter Portal

Oracle Communications Messaging Server

Canonical Ubuntu Linux

Vulnerable Packages

The following package name and versions may be associated with CVE-2020-11612

Package Manager	Vulnerable Package	Versions	Fixed In
maven	org.http4s:http4s-async-http-client_2.12	<= 0.21.7	0.21.8
maven	org.http4s:http4s-async-http-client_2.13	<= 0.21.7	0.21.8

Exploit Probability

EPSS

4.33%

Percentile

88.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11612 vulnerability in NetApp and Other ProductsPublished on April 7, 2020

Products Associated with CVE-2020-11612

Vulnerable Packages

Exploit Probability

CVE-2020-11612 vulnerability in NetApp and Other Products
Published on April 7, 2020