What is CVE-2020-11612?

CVE-2020-11612 is a high-severity vulnerability in Netapp Oncommand_api_services, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2020-04-07.

How severe is CVE-2020-11612?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Netapp Oncommand_api_services

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of…

EPSS: 0.094 (94.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Netapp Oncommand_api_services
Netapp Oncommand_insight
Netapp Oncommand_workflow_automation
Netty
Oracle Communications_brm_-_elastic_charging_engine — versions 12.0.0.3
Oracle Communications_cloud_native_core_service_communication_proxy — versions 1.5.2
Oracle Communications_design_studio — versions 7.4.2
Oracle Communications_messaging_server — versions 8.1
Oracle Nosql_database
Oracle Siebel_core_-_server_framework

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-11612?: CVE-2020-11612 is a high-severity vulnerability in Netapp Oncommand_api_services, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2020-04-07.
How severe is CVE-2020-11612?: High severity. CVSS v3 base score is 7.5 out of 10.