Netty

Netty

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-58057

Media report Exploit
  • EPSS 0.02%
  • Published 03.09.2025 21:46:49
  • Last modified 08.09.2025 16:45:55

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final a...

7.5

CVE-2025-58056

Media report Exploit
  • EPSS 0.02%
  • Published 03.09.2025 20:56:50
  • Last modified 08.09.2025 16:46:36

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone n...

7.5

CVE-2025-55163

Media report Exploit
  • EPSS 0.08%
  • Published 13.08.2025 14:17:36
  • Last modified 10.09.2025 14:48:03

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 contro...

5.5

CVE-2025-25193

  • EPSS 0.12%
  • Published 10.02.2025 22:15:38
  • Last modified 11.06.2025 15:36:22

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windo...

7.5

CVE-2025-24970

Media report Exploit
  • EPSS 0.24%
  • Published 10.02.2025 22:15:38
  • Last modified 05.09.2025 17:20:12

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validati...

5.5

CVE-2024-47535

Exploit
  • EPSS 0.02%
  • Published 12.11.2024 16:15:22
  • Last modified 05.09.2025 14:00:07

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When lo...

5.3

CVE-2024-29025

Exploit
  • EPSS 0.25%
  • Published 25.03.2024 20:15:08
  • Last modified 19.09.2025 15:10:53

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items o...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

6.5

CVE-2023-34462

Exploit
  • EPSS 0.56%
  • Published 22.06.2023 23:15:09
  • Last modified 21.11.2024 08:07:18

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When th...

6.5

CVE-2022-41915

Exploit
  • EPSS 0.24%
  • Published 13.12.2022 07:15:13
  • Last modified 21.11.2024 07:24:03

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, al...