CVE-2021-21295
Description
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (HttpRequest, HttpContent, etc.) via Http2StreamFrameToHttpObjectCodec and then sent up to the child channels pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: HTTP2MultiplexCodec or Http2FrameCodec is used, Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.391
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-21295 are fixed in netty-codec-http2 4.1.60 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple vulnerabilities are affected in JBoss-netty 3.9.9 | Windows |
| Multiple vulnerabilities are affected in netty 3.9.9 | Windows |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hashie-3.6.0-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-jwt-2.2.2-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-locale-2.0.9-15.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-logging-2.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-netrc-0.11.0-6.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-oauth-0.5.4-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf-0.1.3-9.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-runtime-7.0-1.el7sat.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-21295 are fixed in netty-codec-http2 for Linux 4.1.60 | Linux |
| Multiple vulnerabilities are affected in JBoss-netty for Linux 3.9.9 | Linux |
| Multiple vulnerabilities are affected in netty for Linux 3.9.9 | Linux |
| CVE-2021-21295 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234