CVE-2024-47535
📋 TL;DR
This vulnerability in Netty allows an attacker to cause a denial of service on Windows. On Windows, Netty attempts to load a file that does not normally exist. If an attacker who can create files on that system creates the file with an excessive size, Netty reads it into memory and the application crashes. Windows applications using vulnerable Netty versions are affected.
💻 Affected Systems
- Netty
📦 What is this software?
Netty, an asynchronous, event-driven network application framework for the JVM, maintained by the Netty project.
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash and denial of service for all users of the affected Netty-based service
Likely Case
Application instability and periodic crashes when the specific file is created by an attacker
If Mitigated
Minimal impact if file creation permissions are properly restricted on Windows systems
🎯 Exploit Status
Exploitation requires file creation capability on the target Windows system. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.1.115
Vendor Advisory: https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
Restart Required: Yes
Instructions:
1. Update the Netty dependency to version 4.1.115 or later.
2. Rebuild and redeploy your application.
3. Restart any running services using Netty.
🔧 Temporary Workarounds
Restrict file creation permissions
Platform: Windows
Prevent unauthorized users from creating files in the directory Netty attempts to read from:
icacls "C:\path\to\netty\directory" /deny Everyone:(WD)
Note: a deny entry for Everyone also applies to administrators and to the service account running the application, so confirm the application itself never needs to write to that directory before applying it.
Monitor for suspicious file creation
Platform: Windows
Set up file system monitoring for creation of the specific file Netty attempts to load.
🧯 If You Can't Patch
- Implement strict file system permissions to prevent unauthorized file creation
- Monitor application logs for crash events and file system for suspicious file creation
🔍 How to Verify
Check if Vulnerable:
Check Netty version in your project dependencies or running application. Versions before 4.1.115 on Windows are vulnerable.
Check Version:
Check build.gradle, pom.xml, or similar dependency files for the Netty version, or run: java -cp netty-all.jar io.netty.util.Version
Verify Fix Applied:
Verify Netty version is 4.1.115 or later after update. Test application stability when the specific file mentioned in the advisory exists.
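The version check above can be scripted across a repository. The following is an added example, not code from this advisory or from the Netty project: it pulls every io.netty dependency out of a pom.xml (resolving ${property} references, which is how many projects pin the Netty version) and out of Gradle coordinate strings, and flags anything below 4.1.115. The build-file contents are constructed samples, and any version that cannot be parsed is reported as vulnerable so that it gets a human look rather than slipping through.

```python
import re
import xml.etree.ElementTree as ET

# Version from the advisory: 4.1.115 and later are fixed.
FIXED_VERSION = (4, 1, 115)

# Constructed sample build files (not from any real project).
SAMPLE_POM = """\
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <netty.version>4.1.114.Final</netty.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>io.netty</groupId>
      <artifactId>netty-all</artifactId>
      <version>${netty.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>2.0.13</version>
    </dependency>
  </dependencies>
</project>
"""

SAMPLE_GRADLE = """\
dependencies {
    implementation 'io.netty:netty-handler:4.1.115.Final'
    implementation("io.netty:netty-codec-http:4.1.100.Final")
}
"""


def parse_version(text):
    """Leading (major, minor, patch) of a Netty version string,
    e.g. '4.1.115.Final' -> (4, 1, 115); None if it does not start that way."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def _local(tag):
    # Strip the Maven XML namespace: '{http://...}version' -> 'version'
    return tag.rsplit("}", 1)[-1]


def netty_versions_from_pom(xml_text):
    """(artifactId, version) for every io.netty dependency in a pom.xml,
    resolving ${property} references against the <properties> block."""
    root = ET.fromstring(xml_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            for p in el:
                props[_local(p.tag)] = (p.text or "").strip()
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("groupId") != "io.netty":
            continue
        version = fields.get("version", "")
        ref = re.fullmatch(r"\$\{([^}]+)\}", version)
        if ref:
            version = props.get(ref.group(1), version)
        found.append((fields.get("artifactId", "?"), version))
    return found


# Matches 'io.netty:<artifact>:<version>' inside single or double quotes.
GRADLE_DEP = re.compile(r"""["']io\.netty:([A-Za-z0-9_.-]+):([0-9][^"']*)["']""")


def netty_versions_from_gradle(text):
    """(artifact, version) for every io.netty coordinate in a Gradle build file."""
    return [(m.group(1), m.group(2)) for m in GRADLE_DEP.finditer(text)]


def assess(deps):
    """Tag each (artifact, version) with True if it is below the fixed version.
    Unparseable versions are reported as vulnerable so they get reviewed."""
    result = []
    for artifact, version in deps:
        parsed = parse_version(version)
        vulnerable = parsed is None or parsed < FIXED_VERSION
        result.append((artifact, version, vulnerable))
    return result


if __name__ == "__main__":
    deps = netty_versions_from_pom(SAMPLE_POM) + netty_versions_from_gradle(SAMPLE_GRADLE)
    for artifact, version, vulnerable in assess(deps):
        print(f"{artifact:20} {version:15} {'VULNERABLE' if vulnerable else 'ok'}")
```

Point the two parser functions at real build files by reading their contents; a transitive Netty dependency pulled in by another library will not appear in either file, so the io.netty.util.Version check against the deployed classpath remains the authoritative test.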
📡 Detection & Monitoring
Log Indicators:
- Application crash logs
- OutOfMemory errors related to file reading
- Stack traces mentioning file loading failures
Network Indicators:
- Sudden service unavailability
- Increased error rates in HTTP responses
SIEM Query:
source="application.logs" AND ("OutOfMemoryError" OR "java.lang.OutOfMemoryError") AND "netty"
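The SIEM query above only fires when "OutOfMemoryError" and "netty" land in the same event. A Java OutOfMemoryError is normally logged as a timestamped line followed by the exception and its stack frames on separate lines, so a pipeline that indexes line by line will miss the io.netty frame. The following added example (not part of the advisory) groups continuation lines with the timestamped event that precedes them and then applies the query's condition to the whole event; the log is a constructed sample and the io.netty stack frame is a placeholder, since the real frames come from the affected application's own trace.

```python
import re

# A new log event starts with a timestamp; continuation lines (exception
# message and "\tat ..." frames) belong to the preceding event.
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")

# Constructed sample log (not a real capture). The io.netty frame is a
# placeholder, not a frame from the advisory.
SAMPLE_LOG = """\
2024-11-12 10:14:01,212 INFO  [main] c.e.App - Server started on port 8080
2024-11-12 10:14:05,003 ERROR [main] c.e.App - Startup failed
java.lang.OutOfMemoryError: Java heap space
\tat java.base/java.util.Arrays.copyOf(Arrays.java:1)
\tat io.netty.PLACEHOLDER.load(PLACEHOLDER.java:1)
\tat c.e.App.main(App.java:12)
2024-11-12 10:15:00,000 ERROR [worker-1] c.e.Job - java.lang.OutOfMemoryError: Java heap space
\tat c.e.Job.run(Job.java:40)
2024-11-12 10:16:00,000 WARN  [worker-2] c.e.Job - retrying
"""


def split_events(log_text):
    """Group log text into events: each timestamped line plus the
    continuation lines that follow it."""
    events, current = [], []
    for line in log_text.splitlines():
        if EVENT_START.match(line) and current:
            events.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        events.append("\n".join(current))
    return events


def is_netty_oom(text):
    """The advisory's condition: an OutOfMemoryError with an io.netty
    reference anywhere in the same text (message or stack frame)."""
    return "java.lang.OutOfMemoryError" in text and "io.netty" in text


def find_netty_oom_events(log_text):
    """Events that satisfy the condition once stack traces are stitched
    back onto their originating line."""
    return [e for e in split_events(log_text) if is_netty_oom(e)]


def naive_line_matches(log_text):
    """The same condition applied per line, as a line-indexed query would;
    returns the matching lines, which is why multi-line grouping matters."""
    return [ln for ln in log_text.splitlines() if is_netty_oom(ln)]


if __name__ == "__main__":
    hits = find_netty_oom_events(SAMPLE_LOG)
    print(f"events: {len(split_events(SAMPLE_LOG))}, "
          f"netty OOM events: {len(hits)}, "
          f"single-line matches: {len(naive_line_matches(SAMPLE_LOG))}")
    for hit in hits:
        print(hit.splitlines()[0])
```

The second OutOfMemoryError in the sample has no io.netty frame and is correctly left alone; an alert on every OOM would be noisier than the advisory's indicator warrants. If your collector already supports multi-line Java exception handling, enable that at ingest time instead of reimplementing the grouping.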