4 matches found
SUSE CVE-2026-50011
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...
EUVD-2026-36467
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...
CVE-2026-50011
A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...