Denial Of Service

Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...

Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to...

GHSA-W9FJ-CFPG-GRVV Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to...