Netty

Netty

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-24970

Medienbericht Exploit
  • EPSS 0.95%
  • Veröffentlicht 10.02.2025 22:15:38
  • Zuletzt bearbeitet 05.09.2025 17:20:12

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validati...

5.5

CVE-2025-25193

  • EPSS 0.1%
  • Veröffentlicht 10.02.2025 22:15:38
  • Zuletzt bearbeitet 11.06.2025 15:36:22

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windo...

5.5

CVE-2024-47535

Exploit
  • EPSS 0.47%
  • Veröffentlicht 12.11.2024 16:15:22
  • Zuletzt bearbeitet 05.09.2025 14:00:07

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When lo...

5.3

CVE-2024-29025

Exploit
  • EPSS 0.34%
  • Veröffentlicht 25.03.2024 20:15:08
  • Zuletzt bearbeitet 19.09.2025 15:10:53

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items o...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.4%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

6.5

CVE-2023-34462

Exploit
  • EPSS 1%
  • Veröffentlicht 22.06.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:07:18

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When th...

6.5

CVE-2022-41915

Exploit
  • EPSS 0.44%
  • Veröffentlicht 13.12.2022 07:15:13
  • Zuletzt bearbeitet 21.11.2024 07:24:03

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, al...

7.5

CVE-2022-41881

Exploit
  • EPSS 0.45%
  • Veröffentlicht 12.12.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:58

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version...

5.5

CVE-2022-24823

Exploit
  • EPSS 0.4%
  • Veröffentlicht 06.05.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:51:10

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local in...

6.5

CVE-2021-43797

  • EPSS 0.38%
  • Veröffentlicht 09.12.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:48

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / en...