6 matches found

RedhatCVE
added 2026/06/15 8:35 a.m., 8 views

CVE-2026-44890

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service (DoS) condition where legitima...

7.5 CVSS, 5 AI score, 0.00371 EPSS
Exploits 0, References 6
SUSE CVE
added 2026/06/13 2:17 a.m., 10 views

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5 CVSS, 5.3 AI score, 0.00371 EPSS
Exploits 0, References 3
Cvelist
added 2026/06/12 2:36 p.m., 27 views

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7 CVSS, 0.00489 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/06/12 2:36 p.m., 12 views

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits 0, References 3
Snyk
added 2026/06/11 1:26 p.m., 7 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

8.7 CVSS, 5.5 AI score, 0.00489 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/06/11 1:26 p.m., 13 views

Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Impact: The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state depths field but defines no channelInactive, handlerRemoved, or...

8.7 CVSS, 5.5 AI score, 0.00489 EPSS
Exploits 0, References 5, Affected Software 1