9.1
CVE-2026-42579
- EPSS 0.82%
- Veröffentlicht 13.05.2026 18:01:52
- Zuletzt bearbeitet 09.07.2026 13:17:14
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.82% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-626 Null Byte Interaction Error (Poison Null Byte)
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://bugzilla.redhat.com/show_bug.cgi?id=2477217
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42579.json
https://access.redhat.com/errata/RHSA-2026:28010
https://access.redhat.com/errata/RHSA-2026:36820
https://access.redhat.com/errata/RHSA-2026:23808
https://access.redhat.com/errata/RHSA-2026:24502
https://access.redhat.com/errata/RHSA-2026:25123
https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm
https://access.redhat.com/security/cve/CVE-2026-42579