Linux Distros Unpatched Vulnerability : CVE-2026-44249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an...

Linux Distros Unpatched Vulnerability : CVE-2026-50020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the...

DEBIAN-CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

UBUNTU-CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

UBUNTU-CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

EUVD-2026-36357

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

EUVD-2026-36356

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

CVE-2026-44250

CVE-2026-44250 describes memory exhaustion DoS in Netty’s RedisArrayAggregator. Affected: io.netty:netty-codec-redis in versions prior to 4.1.135.Final and 4.2.15.Final. Root cause: processing of deeply nested Redis arrays from a crafted payload causes unbounded AggregateState/ArrayList allocatio...

CVE-2026-44249 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

EUVD-2026-36327

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

CLEANSTART-2026-EG39405 Netty is an asynchronous, event-driven network application framework

Multiple security vulnerabilities affect the trino package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...

CLEANSTART-2026-AO11810 Netty is an asynchronous, event-driven network application framework

Multiple security vulnerabilities affect the apache-zookeeper package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...

PT-2026-48809

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The HAProxy PROXY protocol v2 codec leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2...

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

PT-2026-47614

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-resolver-dns affected versions not specified Description Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...

CVE-2026-42586

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-361...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http

Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential HTTP Request Smuggling and Uncontrolled Resource Consumption vulnerabilities. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network...

SUSE CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...