5 matches found
CVE-2026-44248 Netty: Resource exhaustion in MqttDecoder
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...
CVE-2026-44248 vulnerabilities
Vulnerabilities for packages: thingsboard, management-api-for-apache-cassandra-5.0, trino, apache-activemq-artemis, druid, tez, celeborn...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2588 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.1.100.Final <=4.1.132.Final)
io.netty:netty-codec-mqtt MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.0.9 and more Source cves: CVE-2026-44248 Source advisory: OSV:GHSA-JFG9-48MV-9QGX...
ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +388 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-codec-mqtt MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44248 Source advisory: OSV:GHSA-JFG9-48MV-9QGX...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2588 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.1.100.Final <=4.1.132.Final)
io.netty:netty-codec-mqtt MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.0.9 and more Source cves: CVE-2026-44248 Source advisory: SNYK:JAVA-IONETTY-16439015...