Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/12 4:39 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in RedisArrayAggregator. An attacker who sends a small RESP array header declaring a very large element count can force the aggregator to reserve a large ArrayList via the...

8.7CVSS5.3AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 10:16 p.m.6 views

DEBIAN-CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 10:16 p.m.11 views

CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS0.00371EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 10:16 p.m.5 views

UBUNTU-CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/08 7:1 p.m.7 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...

8.7CVSS5.5AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 7:17 p.m.5 views

DEBIAN-CVE-2026-42586

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF \r\n characters. Since the...

7.1CVSS6AI score0.00198EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:20 p.m.10 views

CVE-2026-42586 Netty: CRLF Injection in Netty Redis Codec Encoder

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF \r\n characters. Since the...

6.8CVSS6AI score0.00198EPSS
Exploits1References1
Rows per page
Query Builder