CVE-2026-47244
- EPSS 0.29%
- Veröffentlicht 12.06.2026 14:23:50
- Zuletzt bearbeitet 15.06.2026 02:11:37
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2...
CVE-2026-46340
- EPSS 0.37%
- Veröffentlicht 12.06.2026 14:19:48
- Zuletzt bearbeitet 30.06.2026 03:20:21
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does `fragments.put(streamId...
- EPSS 0.22%
- Veröffentlicht 12.06.2026 14:17:50
- Zuletzt bearbeitet 03.07.2026 13:17:20
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions...
CVE-2026-45673
- EPSS 0.26%
- Veröffentlicht 12.06.2026 14:16:03
- Zuletzt bearbeitet 15.06.2026 02:14:01
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP s...
- EPSS 0.14%
- Veröffentlicht 12.06.2026 14:12:48
- Zuletzt bearbeitet 15.06.2026 02:14:53
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes on ...
CVE-2026-45416
- EPSS 0.46%
- Veröffentlicht 12.06.2026 14:10:05
- Zuletzt bearbeitet 03.07.2026 13:17:20
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in...
CVE-2026-44894
- EPSS 0.14%
- Veröffentlicht 12.06.2026 14:06:54
- Zuletzt bearbeitet 30.06.2026 03:20:02
Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will no...
CVE-2026-44893
- EPSS 0.59%
- Veröffentlicht 12.06.2026 14:00:25
- Zuletzt bearbeitet 09.07.2026 13:17:19
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.reta...
CVE-2026-44892
- EPSS 0.28%
- Veröffentlicht 12.06.2026 05:16:32
- Zuletzt bearbeitet 15.06.2026 02:30:19
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. ...
CVE-2026-44890
- EPSS 0.37%
- Veröffentlicht 11.06.2026 20:52:50
- Zuletzt bearbeitet 30.06.2026 03:20:01
Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections w...