3 matches found
CVE-2026-44891 Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...
Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder
Summary The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service. Details io.netty.handler.codec.stomp.StompSubframeDecoder implements the STOMP protocol. The...
GHSA-VHCH-2WF3-M8RP Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder
Summary The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service. Details io.netty.handler.codec.stomp.StompSubframeDecoder implements the STOMP protocol. The...