Netty

Netty

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-37137

  • EPSS 2.38%
  • Veröffentlicht 19.10.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:14:43

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well...

7.5

CVE-2021-37136

  • EPSS 1.19%
  • Veröffentlicht 19.10.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:14:42

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an...

5.9

CVE-2021-21409

  • EPSS 2.55%
  • Veröffentlicht 30.03.2021 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:48:17

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...

5.9

CVE-2021-21295

  • EPSS 0.38%
  • Veröffentlicht 09.03.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:47:57

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerabi...

5.5

CVE-2021-21290

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.02.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:47:56

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems inv...

7.5

CVE-2020-11612

  • EPSS 4.33%
  • Veröffentlicht 07.04.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:14

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m...

9.1

CVE-2019-20445

Exploit
  • EPSS 2.65%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:30

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

9.1

CVE-2019-20444

Exploit
  • EPSS 14.03%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 01.07.2025 18:15:23

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

7.5

CVE-2020-7238

Exploit
  • EPSS 1.5%
  • Veröffentlicht 27.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:53

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

7.5

CVE-2019-16869

Exploit
  • EPSS 14.99%
  • Veröffentlicht 26.09.2019 16:15:11
  • Zuletzt bearbeitet 07.07.2025 17:15:26

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.