Netty

Netty

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2025-59419

  • EPSS 3.19%
  • Veröffentlicht 15.10.2025 15:42:30
  • Zuletzt bearbeitet 17.10.2025 20:15:40

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Retur...

7.5

CVE-2025-58057

Medienbericht Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.09.2025 21:46:49
  • Zuletzt bearbeitet 08.09.2025 16:45:55

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final a...

7.5

CVE-2025-58056

Medienbericht Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.09.2025 20:56:50
  • Zuletzt bearbeitet 08.09.2025 16:46:36

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone n...

7.5

CVE-2025-55163

Medienbericht Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.08.2025 14:17:36
  • Zuletzt bearbeitet 04.11.2025 22:16:30

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 contro...

5.5

CVE-2025-25193

  • EPSS 0.06%
  • Veröffentlicht 10.02.2025 22:15:38
  • Zuletzt bearbeitet 11.06.2025 15:36:22

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windo...

7.5

CVE-2025-24970

Medienbericht Exploit
  • EPSS 0.35%
  • Veröffentlicht 10.02.2025 22:15:38
  • Zuletzt bearbeitet 05.09.2025 17:20:12

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validati...

5.5

CVE-2024-47535

Exploit
  • EPSS 0.02%
  • Veröffentlicht 12.11.2024 16:15:22
  • Zuletzt bearbeitet 05.09.2025 14:00:07

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When lo...

5.3

CVE-2024-29025

Exploit
  • EPSS 0.26%
  • Veröffentlicht 25.03.2024 20:15:08
  • Zuletzt bearbeitet 19.09.2025 15:10:53

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items o...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.42%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

6.5

CVE-2023-34462

Exploit
  • EPSS 1.18%
  • Veröffentlicht 22.06.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:07:18

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When th...