Netty

Netty

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-41881

Exploit
  • EPSS 0.08%
  • Published 12.12.2022 18:15:12
  • Last modified 21.11.2024 07:23:58

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version...

5.5

CVE-2022-24823

Exploit
  • EPSS 0.29%
  • Published 06.05.2022 12:15:08
  • Last modified 21.11.2024 06:51:10

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local in...

6.5

CVE-2021-43797

  • EPSS 0.18%
  • Published 09.12.2021 19:15:07
  • Last modified 21.11.2024 06:29:48

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / en...

7.5

CVE-2021-37137

  • EPSS 0.6%
  • Published 19.10.2021 15:15:07
  • Last modified 21.11.2024 06:14:43

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well...

7.5

CVE-2021-37136

  • EPSS 0.23%
  • Published 19.10.2021 15:15:07
  • Last modified 21.11.2024 06:14:42

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an...

5.9

CVE-2021-21409

  • EPSS 4.98%
  • Published 30.03.2021 15:15:14
  • Last modified 21.11.2024 05:48:17

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...

5.9

CVE-2021-21295

  • EPSS 0.96%
  • Published 09.03.2021 19:15:12
  • Last modified 21.11.2024 05:47:57

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerabi...

5.5

CVE-2021-21290

Exploit
  • EPSS 0.02%
  • Published 08.02.2021 20:15:12
  • Last modified 21.11.2024 05:47:56

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems inv...

7.5

CVE-2020-11612

  • EPSS 1.85%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 04:58:14

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m...

9.1

CVE-2019-20445

Exploit
  • EPSS 0.96%
  • Published 29.01.2020 21:15:11
  • Last modified 21.11.2024 04:38:30

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.