Lucene search
K

11 matches found

Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/15 8:43 p.m.7 views

GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:43 p.m.10 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-48748

A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory OOM error, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation...

7.5CVSS5AI score0.00366EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/12 4:39 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in shouldWaitForDynamicTableUpdates in QpackDecoder. An attacker can open an indefinite number of persistently blocked streams by sending headers that reference dynamic table entries...

8.7CVSS5.3AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.14 views

CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS0.00366EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 2:45 p.m.10 views

CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 2:45 p.m.34 views

CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 2:45 p.m.38 views

CVE-2026-48748

Netty HTTP/3 vulnerability CVE-2026-48748: a memory-exhaustion flaw in the Netty HTTP/3 codec prior to 4.2.15.Final allows an infinite number of blocked streams, leading to OOM. The issue is fixed in Netty version 4.2.15.Final. Affected component: Netty’s HTTP/3 codec. Root cause: unbounded block...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48900

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description A memory exhaustion issue exists in the Netty HTTP/3 codec. This flaw allows for the creation of an infinite number of blocked streams, which can lead to an Out of Memory OOM error, resulting in...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References6
Rows per page
Query Builder