CVE-2021-35940 Issue
See original GitHub issueDetail
- dependency netty -> netty-tcnative-boringssl-static -> APR(1.7.0)
APR 1.7.0 have a CVE issue: https://nvd.nist.gov/vuln/detail/CVE-2021-35940 APR provide a patch: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch. But APR has not release a version contains this patch. Maybe we can add this fix patch while doing netty-tcnative-boringssl-static building work.
Expected behavior
Fix the issue.
Minimal yet complete reproducer code (or URL to code)
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
Netty version
4.1.62
JVM version (e.g. java -version
)
1.8
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
CVE-2021-35940 Detail - NVD
The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and...
Read more >CVE-2021-35940 - Red Hat Customer Portal
The MITRE CVE dictionary describes this issue as: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable ...
Read more >CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue...
Read more >Oracle Critical Patch Update Advisory - July 2022
Oracle Business Intelligence Enterprise Edition, version 5.9.0.0.0 ... CVE-2021-35940, Oracle HTTP Server, SSL Module (Apache Portable Runtime), None ...
Read more >Vulnerability Details : CVE-2021-35940
The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
We don’t use the affected functions. See https://github.com/netty/netty-tcnative/issues/658
Thanks for the reply