11 matches found
Denial Of Service (DoS)
Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...
GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...
CVE-2026-48748
A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory OOM error, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in shouldWaitForDynamicTableUpdates in QpackDecoder. An attacker can open an indefinite number of persistently blocked streams by sending headers that reference dynamic table entries...
CVE-2026-48748
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...
UBUNTU-CVE-2026-48748
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...
CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...
CVE-2026-48748
Netty HTTP/3 vulnerability CVE-2026-48748: a memory-exhaustion flaw in the Netty HTTP/3 codec prior to 4.2.15.Final allows an infinite number of blocked streams, leading to OOM. The issue is fixed in Netty version 4.2.15.Final. Affected component: Netty’s HTTP/3 codec. Root cause: unbounded block...
CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...
PT-2026-48900
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description A memory exhaustion issue exists in the Netty HTTP/3 codec. This flaw allows for the creation of an infinite number of blocked streams, which can lead to an Out of Memory OOM error, resulting in...