CVE-2022-24823: Local Information Disclosure Vulnerability in io.netty:netty-codec-http

Published May 6, 2022
·
Updated

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.

Other sources

Netty could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when temporary storing uploads on the disk is enabled. By gaining access to the local system temporary directory, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own java.io.tmpdir when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.

Affected Software

198 affected componentsFixes available
redhat/eap7-netty<0:4.1.77-1.Final_redhat_00001.1.el8ea
0:4.1.77-1.Final_redhat_00001.1.el8ea
redhat/eap7<0:1-18.el9ea
0:1-18.el9ea
redhat/eap7-activemq-artemis<0:2.16.0-9.redhat_00042.1.el9ea
0:2.16.0-9.redhat_00042.1.el9ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el9ea
1:1.0.2-1.redhat_00001.1.el9ea
redhat/eap7-aesh-extensions<0:1.8.0-1.redhat_00001.1.el9ea
0:1.8.0-1.redhat_00001.1.el9ea
redhat/eap7-aesh-readline<0:2.2.0-1.redhat_00001.1.el9ea
0:2.2.0-1.redhat_00001.1.el9ea
redhat/eap7-agroal<0:1.3.0-1.redhat_00001.1.el9ea
0:1.3.0-1.redhat_00001.1.el9ea
redhat/eap7-antlr<0:2.7.7-54.redhat_7.1.el9ea
0:2.7.7-54.redhat_7.1.el9ea
redhat/eap7-apache-commons-beanutils<0:1.9.4-1.redhat_00002.1.el9ea
0:1.9.4-1.redhat_00002.1.el9ea
redhat/eap7-apache-commons-cli<0:1.4.0-1.redhat_00001.1.el9ea
0:1.4.0-1.redhat_00001.1.el9ea
redhat/eap7-apache-commons-codec<0:1.15.0-1.redhat_00001.1.el9ea
0:1.15.0-1.redhat_00001.1.el9ea
redhat/eap7-apache-commons-collections<0:3.2.2-9.redhat_2.1.el9ea
0:3.2.2-9.redhat_2.1.el9ea
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el9ea
0:2.10.0-1.redhat_00001.1.el9ea
redhat/eap7-apache-commons-lang<0:3.11.0-1.redhat_00001.1.el9ea
0:3.11.0-1.redhat_00001.1.el9ea
redhat/eap7-apache-commons-lang2<0:2.6.0-1.redhat_7.1.el9ea
0:2.6.0-1.redhat_7.1.el9ea
redhat/eap7-apache-cxf<0:3.3.13-1.redhat_00001.1.el9ea
0:3.3.13-1.redhat_00001.1.el9ea
redhat/eap7-apache-cxf-xjc-utils<0:3.3.1-1.1.redhat_00001.1.el9ea
0:3.3.1-1.1.redhat_00001.1.el9ea
redhat/eap7-apache-mime4j<0:0.6.0-4.1.redhat_7.1.el9ea
0:0.6.0-4.1.redhat_7.1.el9ea
redhat/eap7-apache-sshd<0:2.7.0-1.redhat_00001.1.el9ea
0:2.7.0-1.redhat_00001.1.el9ea
redhat/eap7-artemis-native<1:1.0.2-3.redhat_1.el9ea
1:1.0.2-3.redhat_1.el9ea
redhat/eap7-artemis-wildfly-integration<0:1.0.4-1.redhat_00001.1.el9ea
0:1.0.4-1.redhat_00001.1.el9ea
redhat/eap7-atinject<0:1.0.3-1.redhat_00001.1.el9ea
0:1.0.3-1.redhat_00001.1.el9ea
redhat/eap7-avro<0:1.7.6-7.1.redhat_2.1.el9ea
0:1.7.6-7.1.redhat_2.1.el9ea
redhat/eap7-azure-storage<0:8.6.6-1.1.redhat_00001.1.el9ea
0:8.6.6-1.1.redhat_00001.1.el9ea
redhat/eap7-bouncycastle<0:1.68.0-2.redhat_00005.1.el9ea
0:1.68.0-2.redhat_00005.1.el9ea
redhat/eap7-byte-buddy<0:1.11.12-2.redhat_00002.1.el9ea
0:1.11.12-2.redhat_00002.1.el9ea
redhat/eap7-caffeine<0:2.8.8-1.redhat_00001.1.el9ea
0:2.8.8-1.redhat_00001.1.el9ea
redhat/eap7-cal10n<0:0.8.1-6.redhat_1.1.el9ea
0:0.8.1-6.redhat_1.1.el9ea
redhat/eap7-codehaus-jackson<0:1.9.13-10.redhat_00007.1.el9ea
0:1.9.13-10.redhat_00007.1.el9ea
redhat/eap7-commons-logging-jboss-logging<0:1.0.0-1.Final_redhat_1.1.el9ea
0:1.0.0-1.Final_redhat_1.1.el9ea
redhat/eap7-cryptacular<0:1.2.4-1.redhat_00001.1.el9ea
0:1.2.4-1.redhat_00001.1.el9ea
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el9ea
0:2.1.3-1.redhat_00001.1.el9ea
redhat/eap7-ecj<1:3.26.0-1.redhat_00002.1.el9ea
1:3.26.0-1.redhat_00002.1.el9ea
redhat/eap7-eclipse-jgit<0:5.13.0.202109080827-1.r_redhat_00001.1.el9ea
0:5.13.0.202109080827-1.r_redhat_00001.1.el9ea
redhat/eap7-elytron-web<0:1.9.2-2.Final_redhat_00001.1.el9ea
0:1.9.2-2.Final_redhat_00001.1.el9ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el9ea
0:1.2.0-1.redhat_00007.1.el9ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el9ea
0:1.1.0-1.redhat_00007.1.el9ea
redhat/eap7-glassfish-concurrent<0:1.1.1-1.redhat_00001.1.el9ea
0:1.1.1-1.redhat_00001.1.el9ea
redhat/eap7-glassfish-fastinfoset<0:1.2.13-11.1.redhat_1.1.el9ea
0:1.2.13-11.1.redhat_1.1.el9ea
redhat/eap7-glassfish-jaf<0:1.2.2-1.redhat_00001.1.el9ea
0:1.2.2-1.redhat_00001.1.el9ea
redhat/eap7-glassfish-javamail<0:1.6.5-1.redhat_00001.1.el9ea
0:1.6.5-1.redhat_00001.1.el9ea
redhat/eap7-glassfish-jaxb<0:2.3.3-4.1.b02_redhat_00001.1.el9ea
0:2.3.3-4.1.b02_redhat_00001.1.el9ea
redhat/eap7-glassfish-jsf<0:2.3.14-4.SP05_redhat_00001.1.el9ea
0:2.3.14-4.SP05_redhat_00001.1.el9ea
redhat/eap7-glassfish-json<0:1.1.6-2.redhat_00001.1.el9ea
0:1.1.6-2.redhat_00001.1.el9ea
redhat/eap7-gnu-getopt<0:1.0.13-6.redhat_5.1.el9ea
0:1.0.13-6.redhat_5.1.el9ea
redhat/eap7-gson<0:2.8.9-1.redhat_00001.1.el9ea
0:2.8.9-1.redhat_00001.1.el9ea
redhat/eap7-guava-failureaccess<0:1.0.1-1.redhat_00002.1.el9ea
0:1.0.1-1.redhat_00002.1.el9ea
redhat/eap7-guava-libraries<0:30.1.0-1.1.redhat_00001.1.el9ea
0:30.1.0-1.1.redhat_00001.1.el9ea
redhat/eap7-h2database<0:1.4.197-2.redhat_00004.1.el9ea
0:1.4.197-2.redhat_00004.1.el9ea
redhat/eap7-hal-console<0:3.3.13-1.Final_redhat_00001.1.el9ea
0:3.3.13-1.Final_redhat_00001.1.el9ea
redhat/eap7-hibernate<0:5.3.27-1.Final_redhat_00001.1.el9ea
0:5.3.27-1.Final_redhat_00001.1.el9ea
redhat/eap7-hibernate-beanvalidation-api<0:2.0.2-1.redhat_00001.1.el9ea
0:2.0.2-1.redhat_00001.1.el9ea
redhat/eap7-hibernate-commons-annotations<0:5.0.5-1.1.Final_redhat_00002.1.el9ea
0:5.0.5-1.1.Final_redhat_00002.1.el9ea
redhat/eap7-hibernate-search<0:5.10.7-1.1.Final_redhat_00001.1.el9ea
0:5.10.7-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-hibernate-validator<0:6.0.23-1.Final_redhat_00001.1.el9ea
0:6.0.23-1.Final_redhat_00001.1.el9ea
redhat/eap7-hornetq<0:2.4.8-1.Final_redhat_00001.1.el9ea
0:2.4.8-1.Final_redhat_00001.1.el9ea
redhat/eap7-httpcomponents-asyncclient<0:4.1.4-1.1.redhat_00001.1.el9ea
0:4.1.4-1.1.redhat_00001.1.el9ea
redhat/eap7-httpcomponents-client<0:4.5.13-1.redhat_00001.1.el9ea
0:4.5.13-1.redhat_00001.1.el9ea
redhat/eap7-httpcomponents-core<0:4.4.14-1.redhat_00001.1.el9ea
0:4.4.14-1.redhat_00001.1.el9ea
redhat/eap7-infinispan<0:11.0.15-1.Final_redhat_00001.1.el9ea
0:11.0.15-1.Final_redhat_00001.1.el9ea
redhat/eap7-ironjacamar<0:1.5.3-2.SP1_redhat_00001.1.el9ea
0:1.5.3-2.SP1_redhat_00001.1.el9ea
redhat/eap7-jackson-annotations<0:2.12.6-1.redhat_00001.1.el9ea
0:2.12.6-1.redhat_00001.1.el9ea
redhat/eap7-jackson-core<0:2.12.6-1.redhat_00001.1.el9ea
0:2.12.6-1.redhat_00001.1.el9ea
redhat/eap7-jackson-coreutils<0:1.8.0-1.redhat_00002.1.el9ea
0:1.8.0-1.redhat_00002.1.el9ea
redhat/eap7-jackson-databind<0:2.12.6.1-2.redhat_00004.1.el9ea
0:2.12.6.1-2.redhat_00004.1.el9ea
redhat/eap7-jackson-jaxrs-providers<0:2.12.6-1.redhat_00001.1.el9ea
0:2.12.6-1.redhat_00001.1.el9ea
redhat/eap7-jackson-modules-base<0:2.12.6-1.redhat_00001.1.el9ea
0:2.12.6-1.redhat_00001.1.el9ea
redhat/eap7-jackson-modules-java8<0:2.12.6-1.redhat_00001.1.el9ea
0:2.12.6-1.redhat_00001.1.el9ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el9ea
0:3.0.3-3.redhat_00007.1.el9ea
redhat/eap7-jakarta-security-enterprise-api<0:1.0.2-3.redhat_00001.1.el9ea
0:1.0.2-3.redhat_00001.1.el9ea
redhat/eap7-jandex<0:2.4.2-1.Final_redhat_00001.1.el9ea
0:2.4.2-1.Final_redhat_00001.1.el9ea
redhat/eap7-jansi<0:1.18.0-1.redhat_00001.1.el9ea
0:1.18.0-1.redhat_00001.1.el9ea
redhat/eap7-jasypt<0:1.9.3-1.redhat_00002.1.el9ea
0:1.9.3-1.redhat_00002.1.el9ea
redhat/eap7-java-classmate<0:1.5.1-1.redhat_00001.1.el9ea
0:1.5.1-1.redhat_00001.1.el9ea
redhat/eap7-javaee-jpa-spec<0:2.2.3-1.redhat_00001.1.el9ea
0:2.2.3-1.redhat_00001.1.el9ea
redhat/eap7-javaee-security-soteria<0:1.0.1-3.redhat_00002.1.el9ea
0:1.0.1-3.redhat_00002.1.el9ea
redhat/eap7-javaewah<0:1.1.7-1.redhat_00001.1.el9ea
0:1.1.7-1.redhat_00001.1.el9ea
redhat/eap7-javapackages-tools<0:3.4.1-5.15.6.el9ea
0:3.4.1-5.15.6.el9ea
redhat/eap7-javassist<0:3.27.0-2.GA_redhat_00001.1.el9ea
0:3.27.0-2.GA_redhat_00001.1.el9ea
redhat/eap7-jaxbintros<0:1.0.3-1.GA_redhat_00001.1.el9ea
0:1.0.3-1.GA_redhat_00001.1.el9ea
redhat/eap7-jaxen<0:1.1.6-14.redhat_2.1.el9ea
0:1.1.6-14.redhat_2.1.el9ea
redhat/eap7-jberet<0:1.3.9-2.SP2_redhat_00001.1.el9ea
0:1.3.9-2.SP2_redhat_00001.1.el9ea
redhat/eap7-jboss-aesh<0:2.4.0-1.redhat_00001.1.el9ea
0:2.4.0-1.redhat_00001.1.el9ea
redhat/eap7-jboss-classfilewriter<0:1.2.5-1.Final_redhat_00001.1.el9ea
0:1.2.5-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-common-beans<0:2.0.1-1.Final_redhat_00001.1.el9ea
0:2.0.1-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-dmr<0:1.5.1-1.Final_redhat_00001.1.el9ea
0:1.5.1-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-ejb3-ext-api<0:2.3.0-1.Final_redhat_00001.1.el9ea
0:2.3.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-ejb-client<0:4.0.44-1.Final_redhat_00001.1.el9ea
0:4.0.44-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-genericjms<0:2.0.9-1.Final_redhat_00001.1.el9ea
0:2.0.9-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-iiop-client<0:1.0.1-3.Final_redhat_1.1.el9ea
0:1.0.1-3.Final_redhat_1.1.el9ea
redhat/eap7-jboss-invocation<0:1.6.3-1.Final_redhat_00001.1.el9ea
0:1.6.3-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-logging<0:3.4.1-2.Final_redhat_00001.1.el9ea
0:3.4.1-2.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-logmanager<0:2.1.18-1.Final_redhat_00001.1.el9ea
0:2.1.18-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-marshalling<0:2.0.12-1.1.Final_redhat_00001.1.el9ea
0:2.0.12-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-metadata<0:13.0.0-1.Final_redhat_00001.1.el9ea
0:13.0.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-modules<0:1.12.0-2.Final_redhat_00001.1.el9ea
0:1.12.0-2.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-msc<0:1.4.12-1.Final_redhat_00001.1.el9ea
0:1.4.12-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-openjdk-orb<0:8.1.4-3.Final_redhat_00002.1.el9ea
0:8.1.4-3.Final_redhat_00002.1.el9ea
redhat/eap7-jboss-remoting<0:5.0.25-1.SP1_redhat_00001.1.el9ea
0:5.0.25-1.SP1_redhat_00001.1.el9ea
redhat/eap7-jboss-remoting-jmx<0:3.0.4-1.Final_redhat_00001.1.el9ea
0:3.0.4-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-seam-int<0:7.0.0-6.GA_redhat_2.1.el9ea
0:7.0.0-6.GA_redhat_2.1.el9ea
redhat/eap7-jboss-security-negotiation<0:3.0.6-1.Final_redhat_00001.1.el9ea
0:3.0.6-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-security-xacml<0:2.0.8-17.Final_redhat_8.1.el9ea
0:2.0.8-17.Final_redhat_8.1.el9ea
redhat/eap7-jboss-server-migration<0:1.10.0-18.Final_redhat_00017.1.el9ea
0:1.10.0-18.Final_redhat_00017.1.el9ea
redhat/eap7-jboss-stdio<0:1.1.0-1.Final_redhat_00001.1.el9ea
0:1.1.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-threads<0:2.4.0-1.Final_redhat_00001.1.el9ea
0:2.4.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-transaction-spi<0:7.6.0-2.Final_redhat_1.1.el9ea
0:7.6.0-2.Final_redhat_1.1.el9ea
redhat/eap7-jboss-vfs<0:3.2.16-1.Final_redhat_00001.1.el9ea
0:3.2.16-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-weld<3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9ea
3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9ea
redhat/eap7-jbossws-api<0:1.1.2-1.Final_redhat_00001.1.el9ea
0:1.1.2-1.Final_redhat_00001.1.el9ea
redhat/eap7-jbossws-common<0:3.3.3-1.Final_redhat_00001.1.el9ea
0:3.3.3-1.Final_redhat_00001.1.el9ea
redhat/eap7-jbossws-common-tools<0:1.3.2-1.Final_redhat_00001.1.el9ea
0:1.3.2-1.Final_redhat_00001.1.el9ea
redhat/eap7-jbossws-cxf<0:5.4.4-1.Final_redhat_00001.1.el9ea
0:5.4.4-1.Final_redhat_00001.1.el9ea
redhat/eap7-jbossws-jaxws-undertow-httpspi<0:1.0.1-3.Final_redhat_1.1.el9ea
0:1.0.1-3.Final_redhat_1.1.el9ea
redhat/eap7-jbossws-spi<0:3.3.1-1.Final_redhat_00001.1.el9ea
0:3.3.1-1.Final_redhat_00001.1.el9ea
redhat/eap7-jboss-xnio-base<0:3.8.7-1.SP1_redhat_00001.1.el9ea
0:3.8.7-1.SP1_redhat_00001.1.el9ea
redhat/eap7-jcip-annotations<0:1.0.0-5.redhat_8.1.el9ea
0:1.0.0-5.redhat_8.1.el9ea
redhat/eap7-jctools<0:2.1.2-1.redhat_00003.1.el9ea
0:2.1.2-1.redhat_00003.1.el9ea
redhat/eap7-jettison<0:1.4.0-1.redhat_00001.1.el9ea
0:1.4.0-1.redhat_00001.1.el9ea
redhat/eap7-jgroups<0:4.2.15-1.Final_redhat_00001.1.el9ea
0:4.2.15-1.Final_redhat_00001.1.el9ea
redhat/eap7-jgroups-azure<0:1.3.1-1.1.Final_redhat_00001.1.el9ea
0:1.3.1-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-jgroups-kubernetes<0:1.0.16-1.Final_redhat_00001.1.el9ea
0:1.0.16-1.Final_redhat_00001.1.el9ea
redhat/eap7-joda-time<0:2.9.7-2.redhat_1.1.el9ea
0:2.9.7-2.redhat_1.1.el9ea
redhat/eap7-jsonb-spec<0:1.0.2-1.redhat_00001.1.el9ea
0:1.0.2-1.redhat_00001.1.el9ea
redhat/eap7-json-patch<0:1.9.0-1.redhat_00002.1.el9ea
0:1.9.0-1.redhat_00002.1.el9ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el9ea
0:1.14.2-1.redhat_00002.1.el9ea
redhat/eap7-jul-to-slf4j-stub<0:1.0.1-7.Final_redhat_3.1.el9ea
0:1.0.1-7.Final_redhat_3.1.el9ea
redhat/eap7-log4j<0:2.17.1-2.redhat_00002.1.el9ea
0:2.17.1-2.redhat_00002.1.el9ea
redhat/eap7-log4j2-jboss-logmanager<0:1.0.0-1.Final_redhat_00001.1.el9ea
0:1.0.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-log4j-jboss-logmanager<0:1.2.2-1.Final_redhat_00002.1.el9ea
0:1.2.2-1.Final_redhat_00002.1.el9ea
redhat/eap7-lucene-solr<0:5.5.5-3.redhat_2.1.el9ea
0:5.5.5-3.redhat_2.1.el9ea
redhat/eap7-mustache-java<0:0.9.6-1.1.redhat_00001.1.el9ea
0:0.9.6-1.1.redhat_00001.1.el9ea
redhat/eap7-narayana<0:5.11.4-1.Final_redhat_00001.1.el9ea
0:5.11.4-1.Final_redhat_00001.1.el9ea
redhat/eap7-neethi<0:3.1.1-1.1.redhat_1.1.el9ea
0:3.1.1-1.1.redhat_1.1.el9ea
redhat/eap7-netty<0:4.1.77-1.Final_redhat_00001.1.el9ea
0:4.1.77-1.Final_redhat_00001.1.el9ea
redhat/eap7-netty-tcnative<0:2.0.52-1.Final_redhat_00001.1.el9ea
0:2.0.52-1.Final_redhat_00001.1.el9ea
redhat/eap7-netty-transport-native-epoll<0:4.1.77-1.Final_redhat_00001.1.el9ea
0:4.1.77-1.Final_redhat_00001.1.el9ea
redhat/eap7-netty-xnio-transport<0:0.1.9-1.Final_redhat_00001.1.el9ea
0:0.1.9-1.Final_redhat_00001.1.el9ea
redhat/eap7-objectweb-asm<0:9.1.0-1.redhat_00002.1.el9ea
0:9.1.0-1.redhat_00002.1.el9ea
redhat/eap7-opensaml<0:3.3.1-1.1.redhat_00002.1.el9ea
0:3.3.1-1.1.redhat_00002.1.el9ea
redhat/eap7-picketbox<0:5.0.3-10.Final_redhat_00009.1.el9ea
0:5.0.3-10.Final_redhat_00009.1.el9ea
redhat/eap7-picketbox-commons<0:1.0.0-4.final_redhat_5.1.el9ea
0:1.0.0-4.final_redhat_5.1.el9ea
redhat/eap7-picketlink-bindings<0:2.5.5-26.SP12_redhat_00014.1.el9ea
0:2.5.5-26.SP12_redhat_00014.1.el9ea
redhat/eap7-picketlink-federation<0:2.5.5-21.SP12_redhat_00011.1.el9ea
0:2.5.5-21.SP12_redhat_00011.1.el9ea
redhat/eap7-protostream<0:4.3.5-1.Final_redhat_00001.1.el9ea
0:4.3.5-1.Final_redhat_00001.1.el9ea
redhat/eap7-reactive-streams<0:1.0.3-2.redhat_00003.1.el9ea
0:1.0.3-2.redhat_00003.1.el9ea
redhat/eap7-reactivex-rxjava<0:3.0.9-1.redhat_00001.1.el9ea
0:3.0.9-1.redhat_00001.1.el9ea
redhat/eap7-reactivex-rxjava2<0:2.2.20-1.redhat_00001.1.el9ea
0:2.2.20-1.redhat_00001.1.el9ea
redhat/eap7-resteasy<0:3.15.3-1.Final_redhat_00001.1.el9ea
0:3.15.3-1.Final_redhat_00001.1.el9ea
redhat/eap7-shibboleth-java-support<0:7.3.0-1.1.redhat_00001.1.el9ea
0:7.3.0-1.1.redhat_00001.1.el9ea
redhat/eap7-slf4j<0:1.7.22-4.1.redhat_2.1.el9ea
0:1.7.22-4.1.redhat_2.1.el9ea
redhat/eap7-slf4j-jboss-logmanager<0:1.1.0-1.Final_redhat_00001.1.el9ea
0:1.1.0-1.Final_redhat_00001.1.el9ea
redhat/eap7-snakeyaml<0:1.29.0-1.redhat_00001.2.el9ea
0:1.29.0-1.redhat_00001.2.el9ea
redhat/eap7-stax2-api<0:4.2.1-1.redhat_00001.1.el9ea
0:4.2.1-1.redhat_00001.1.el9ea
redhat/eap7-stax-ex<0:1.8.3-2.redhat_00002.1.el9ea
0:1.8.3-2.redhat_00002.1.el9ea
redhat/eap7-staxmapper<0:1.3.0-2.Final_redhat_1.1.el9ea
0:1.3.0-2.Final_redhat_1.1.el9ea
redhat/eap7-sun-istack-commons<0:3.0.10-1.1.redhat_00001.1.el9ea
0:3.0.10-1.1.redhat_00001.1.el9ea
redhat/eap7-sun-saaj<1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9ea
1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9ea
redhat/eap7-sun-saaj<1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9ea
1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9ea
redhat/eap7-sun-ws-metadata<2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9ea
2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9ea
redhat/eap7-tomcat-taglibs-standard<0:1.2.6-2.1.RC1_redhat_1.1.el9ea
0:1.2.6-2.1.RC1_redhat_1.1.el9ea
redhat/eap7-undertow<0:2.2.18-2.SP2_redhat_00001.1.el9ea
0:2.2.18-2.SP2_redhat_00001.1.el9ea
redhat/eap7-undertow-jastow<0:2.0.9-1.Final_redhat_00001.1.el9ea
0:2.0.9-1.Final_redhat_00001.1.el9ea
redhat/eap7-undertow-js<0:1.0.2-2.Final_redhat_1.1.el9ea
0:1.0.2-2.Final_redhat_1.1.el9ea
redhat/eap7-vdx<0:1.1.6-2.redhat_1.1.el9ea
0:1.1.6-2.redhat_1.1.el9ea
redhat/eap7-velocity<0:2.3.0-1.redhat_00001.1.el9ea
0:2.3.0-1.redhat_00001.1.el9ea
redhat/eap7-weld-cdi<2.0-api-0:2.0.2-2.redhat_00002.1.el9ea
2.0-api-0:2.0.2-2.redhat_00002.1.el9ea
redhat/eap7-weld-core<0:3.1.6-1.1.Final_redhat_00001.1.el9ea
0:3.1.6-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly<0:7.4.6-5.GA_redhat_00002.1.el9ea
0:7.4.6-5.GA_redhat_00002.1.el9ea
redhat/eap7-wildfly-client-config<0:1.0.1-2.1.Final_redhat_00001.1.el9ea
0:1.0.1-2.1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-common<0:1.5.4-1.1.Final_redhat_00001.1.el9ea
0:1.5.4-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-discovery<0:1.2.1-1.1.Final_redhat_00001.1.el9ea
0:1.2.1-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-elytron<0:1.15.13-1.Final_redhat_00001.1.el9ea
0:1.15.13-1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-http-client<0:1.1.12-1.SP1_redhat_00001.1.el9ea
0:1.1.12-1.SP1_redhat_00001.1.el9ea
redhat/eap7-wildfly-naming-client<0:1.0.14-1.1.Final_redhat_00001.1.el9ea
0:1.0.14-1.1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-openssl<0:2.2.3-1.Final_redhat_00001.1.el9ea
0:2.2.3-1.Final_redhat_00001.1.el9ea
redhat/eap7-wildfly-transaction-client<0:1.1.15-1.Final_redhat_00001.1.el9ea
0:1.1.15-1.Final_redhat_00001.1.el9ea
redhat/eap7-woodstox-core<0:6.0.3-1.1.redhat_00001.1.el9ea
0:6.0.3-1.1.redhat_00001.1.el9ea
redhat/eap7-wsdl4j<0:1.6.3-13.redhat_2.1.el9ea
0:1.6.3-13.redhat_2.1.el9ea
redhat/eap7-wss4j<0:2.2.7-1.1.redhat_00001.1.el9ea
0:2.2.7-1.1.redhat_00001.1.el9ea
redhat/eap7-xalan-j2<0:2.7.1-36.redhat_00013.1.el9ea
0:2.7.1-36.redhat_00013.1.el9ea
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el9ea
0:2.12.0-3.SP04_redhat_00001.1.el9ea
redhat/eap7-xml-commons-resolver<0:1.2.0-7.redhat_12.1.el9ea
0:1.2.0-7.redhat_12.1.el9ea
redhat/eap7-xml-security<0:2.1.7-1.1.redhat_00001.1.el9ea
0:2.1.7-1.1.redhat_00001.1.el9ea
redhat/eap7-xom<0:1.3.7-1.redhat_00001.1.el9ea
0:1.3.7-1.redhat_00001.1.el9ea
redhat/eap7-yasson<0:1.0.10-1.redhat_00001.1.el9ea
0:1.0.10-1.redhat_00001.1.el9ea
redhat/eap7-netty<0:4.1.77-1.Final_redhat_00001.1.el7ea
0:4.1.77-1.Final_redhat_00001.1.el7ea
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/netty<4.1.59.
4.1.59.
redhat/netty<4.1.77.
4.1.77.
Netty Netty<4.1.77
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.3.0
NetApp Active Iq Unified Manager Linux
NetApp Active Iq Unified Manager Windows
NetApp OnCommand Workflow Automation
NetApp Snapcenter
debian/netty<=1:4.1.48-4+deb11u2, <=1:4.1.48-7+deb12u1, <=1:4.1.48-10

Remediation

Patch Available

https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1

Patch Available

https://www.oracle.com/security-alerts/cpujul2022.html

Information

As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.

Event History

May 6, 2022
CVE Published
12:00 AM
CVE Published
via MITRE·12:05 PM
Data Sourced
via MITRE·12:05 PM
DescriptionSeverityWeakness
May 17, 2022
Data Sourced
via Red Hat·02:17 PM
DescriptionSeverityAffected Software
Feb 28, 2025
Data Sourced
via Ubuntu·04:55 AM
RemedyDescriptionSeverityAffected Software
Data Sourced
via Launchpad·04:56 AM
Description

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2022-24823?

CVE-2022-24823 has a severity rating of medium, indicating that it poses a moderate risk due to potential information disclosure.

2

How do I fix CVE-2022-24823?

To fix CVE-2022-24823, upgrade to the fixed version of the affected software packages, specifically those released after version 0:4.1.77-1.Final_redhat_00001.1.el8ea.

3

What systems are affected by CVE-2022-24823?

CVE-2022-24823 affects various Red Hat EAP packages, including eap7-netty and others that utilize multipart decoders.

4

What is local information disclosure in the context of CVE-2022-24823?

Local information disclosure refers to the unauthorized access to sensitive information stored in the local system's temporary directory due to vulnerabilities in netty.

5

Are there specific versions of software packages that need to be updated for CVE-2022-24823?

Yes, you need to update affected software packages to versions that include the security patches for CVE-2022-24823, especially those based on netty.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203