Lucene search
K

2062 matches found

NVD
NVD
added 2026/06/12 4:16 p.m.13 views

CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References10
NVD
NVD
added 2026/06/12 3:16 p.m.10 views

CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00594EPSS
Exploits0References10
OSV
OSV
added 2026/06/12 3:16 p.m.5 views

UBUNTU-CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 2:42 p.m.8 views

CVE-2026-48059 Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:42 p.m.29 views

CVE-2026-48059 Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:42 p.m.71 views

CVE-2026-48059

Netty HAProxy: In Netty’s HAProxy PROXY protocol v2 codec, a memory leak occurs on each connection when a syntactically valid nested PP2_TYPE_SSL TLV (depth ≥ 2) is provided. This affects Netty versions 4.1.135.Final and 4.2.15.Final. The leak happens on the successful parse path: the message is ...

8.7CVSS5.5AI score0.00606EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 2:0 p.m.10 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:0 p.m.11 views

EUVD-2026-36432

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:0 p.m.30 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00594EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:0 p.m.109 views

CVE-2026-44893

Netty CVE-2026-44893 affects netty-codec-haproxy prior to 4.1.135.Final and 4.2.15.Final. During PP2_TYPE_SSL TLV decoding, HAProxyMessage.readNextTLV() retains a slice before reading the client (1 byte) and verify (4 bytes). If TLV length

7.5CVSS5.4AI score0.00594EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2026/06/12 1:57 p.m.9 views

Memory Leak

io.netty, netty-codec-haproxy is vulnerable to a memory leak.The vulnerability is due to improper handling of nested PP2TYPESSL TLVs during successful parsing, which leaves the underlying pooled ByteBuf permanently pinned in memory, allowing an attacker to repeatedly send crafted valid headers an...

8.7CVSS5.2AI score0.00606EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-codec- haproxy prior to versions 4.1.135.Final and...

7.5CVSS5.6AI score0.00594EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/11 8:19 p.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the parsing process of nested PP2TYPESSL TLVs within the HAProxy PROXY protocol v2 codec. An attacker can cause memory exhaustion by sending syntactically valid headers containing...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 8:19 p.m.12 views

Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Impact The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2TYPESSL TLVs type-length-value records at depth two or greater. The leak occurs on the successful parse path — no exception is...

8.7CVSS5.7AI score0.00606EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.9 views

CVE-2026-45558

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48809

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The HAProxy PROXY protocol v2 codec leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2...

8.7CVSS5.2AI score0.00606EPSS
Exploits0References39
Cvelist
Cvelist
added 2026/06/10 3:38 p.m.30 views

CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 3:37 p.m.12 views

EUVD-2026-36064

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.13 views

CVE-2026-45561

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...

6.5CVSS0.00218EPSS
Exploits0References1
Rows per page
Query Builder