The vulnerability of the frame decoding function in the Netty network programming framework allows a hacker to trigger a service failure.
The vulnerability of the frame decoding function in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Netty network programming framework lies in its improper handling of control characters, which allows attackers to compromise the integrity of the protected information.
The vulnerability of the Netty network programming framework is related to incorrect processing of control characters. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...
The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates, which allow attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Remote code execution
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...
CVE-2023-42809
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...
The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework allows a hacker to cause a service failure.
The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the SniHandler component in the Netty network programming framework allows a hacker to trigger a service failure.
The vulnerability of the SniHandler component in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-34462 netty-handler SniHandler 16MB allocation
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...
SUSE CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...
DEBIAN-CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed, allowing malicious header values in the iterator to...
netty: control chars in header names may lead to HTTP request smuggling
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...
UBUNTU-CVE-2022-24823
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...
CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...
Netty environment issue vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environment issue vulnerability that stems from not removing vulnerable maven packages from image conten...
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...
The vulnerability of the Http2MultiplexHandler class in the Netty network programming framework is related to a lack of interpretation for HTTP requests. This vulnerability allows attackers to compromise data integrity.
The vulnerability of the Http2MultiplexHandler class in the Netty network programming framework is related to improper handling of requests during the conversion from HTTP/2 to HTTP/1.1. Exploiting this vulnerability allows an attacker to compromise data integrity...
The vulnerability of the Netty network programming framework lies in the lack of proper interpretation of HTTP requests, which allows attackers to compromise data integrity.
The vulnerability of the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...