Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.18 views

SUSE CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

5.6CVSS5.8AI score0.00633EPSS
Exploits1References4
NVD
NVD
added 2026/05/13 7:17 p.m.18 views

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS0.00455EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.14 views

CVE-2026-42586

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF \r\n characters. Since the...

7.1CVSS6.8AI score0.00198EPSS
Exploits1References2
CVE
CVE
added 2026/05/13 6:12 p.m.19 views

CVE-2026-42585

Netty CVE-2026-42585 affects Netty prior to versions 4.2.13.Final and 4.1.133.Final, where improper parsing of malformed Transfer-Encoding can enable HTTP request smuggling. Public advisories and OSV entries confirm the issue and that fixes are available in 4.2.13.Final and 4.1.133.Final. Affecte...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 6:1 p.m.10 views

CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

9.1CVSS5.8AI score0.00818EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/13 6:0 p.m.6 views

CVE-2026-42577 Netty: epoll transport denial of service via RST on half-closed TCP connection

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS5.8AI score0.00408EPSS
Exploits0References3
Rows per page
Query Builder