CVE-2024-9622: HTTP Request Smuggling in resteasy-netty4 Causing Client Timeouts

Key Information Vulnerability Description CVE Number: CVE-2024-9622 Vulnerability Name: resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 Report Date: 2024-10-08 08:47 UTC Reporter: OSIDB Bzimport Fix Date: 2024-10-09 08:35 UTC Affected Versions: Not specified Affected Component: resteasy-netty4 Affected Product: Security Response Affected Platform: Not specified Affected Operating System: Linux Priority: Low Severity: Low Vulnerability Description Vulnerability Type: Security Vulnerability Vulnerability Description: A vulnerability discovered in the resteasy-netty4 library, where improper handling of HTTP requests using smuggling techniques causes the Netty HttpObjectDecoder to enter a BAD_MESSAGE state. As a result, subsequent legitimate requests on the same connection are ignored, leading to client timeouts. This may affect systems using load balancers and expose them to risks. Solution Possible Mitigation: Close the connection or reset the decoder state. Attachments Attachment Description: Detailed description of the root cause and potential solutions. Additional Information Reporter: Product Security DevOps Team Contact: Not specified Dependencies: Not specified Blocks: Not specified Whiteboard: Not specified Dependencies: Not specified Blocks: Not specified Tree View: Not specified Attachments: Not specified

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9622: HTTP Request Smuggling in resteasy-netty4 Causing Client Timeouts