189 matches found
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)
The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and pri...
Security Bulletin: Vulnerabilities in dependencies affect IBM Voice Gateway
Summary Security Vulnerabilities in dependencies affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to a denial of service due to Netty.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to a denial of service due to Netty. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchrono...
Security Bulletin: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients (CVE-2024-47535) affects IBM PowerVM Novalink.
Summary Netty, an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients, is used by IBM PowerVM Novalink. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on...
The vulnerability in the Netty network programming framework stems from improper validation of input data, which allows attackers to trigger service failures.
The vulnerability in the Netty network programming framework is related to insufficient validation of user-supplied data in the SslHandler when using its own SSLEngine. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 291 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Due to the use of Netty, IBM WebSphere eXtreme Scale Liberty Deployment on Microsoft Windows is vulnerable to denial of service.
Summary The YAJSW component is used to register XSLD services. An insecure Netty JAR bundled within YAJSW impacts XSLD on the Microsoft Windows operating system. This is remediated in the YAJSW v13.14 release, and for WXS through application of the ifix for PH65615. Vulnerability Details...
A vulnerability in the BufferedReader.readLine() function in the Netty network programming framework allows a hacker to cause a service failure.
The vulnerability in the BufferedReader.readLine function in the Netty network programming framework is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause a service failure...
LocalS3 code issue vulnerability
LocalS3 is a Netty-based implementation of the Amazon S3 service by the individual developer Luo. A code issue vulnerability exists in LocalS3 versions prior to 1.21, which stems from the presence of an XML external entity injection vulnerability that could lead to a server-side request forgery attac...
Linux Distros Unpatched Vulnerability : CVE-2025-24970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. Whe...
Linux Distros Unpatched Vulnerability : CVE-2024-29025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...
Linux Distros Unpatched Vulnerability : CVE-2023-34462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...
XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
GHSA-4HVC-QWR2-F8RV Redisson vulnerable to Deserialization of Untrusted Data
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...
DEBIAN-CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
UBUNTU-CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
OESA-2023-1906 netty security update
Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...
OESA-2023-1905 netty security update
Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...