
8 matches found

IBM Security Bulletins
added 2026/01/02 5:37 p.m. · 6 views

Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework

Summary: Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network...

CVSS 7.5 · AI score 6.6 · EPSS 0.00097
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2025/11/14 8:49 p.m. · 4 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers

Summary: Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details: CVEID: CVE-2025-23166. DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...

CVSS 8 · AI score 6.5 · EPSS 0.00302
Exploits: 3 · Affected Software: 5

IBM Security Bulletins
added 2025/11/03 6:4 p.m. · 3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty codec (CVE-2025-58057)

Summary: A vulnerability in Netty codec that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-58057. DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol serve...

CVSS 7.5 · AI score 6.2 · EPSS 0.00063
Exploits: 1 · Affected Software: 1

IBM Security Bulletins
added 2025/10/14 2:36 p.m. · 4 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)

Summary: Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network application framewo...

CVSS 7.5 · AI score 6.3 · EPSS 0.00097
Exploits: 2 · Affected Software: 1

Redos
added 2025/10/02 12:0 a.m. · 1 views

ROS-20251002-02

A vulnerability in the Netty networking software is associated with incorrect validation of HTTP/1.1 requests. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks against HTTP requests. HTTP requests A vulnerability in the Netty networking softwar...

CVSS 7.5 · AI score 6.7 · EPSS 0.00097
Exploits: 2

Veracode
added 2025/09/29 7:40 p.m. · 3 views

Denial Of Service (DoS)

Netty is vulnerable to Denial Of Service (DoS). The vulnerability is due to the BrotliDecoder and certain decompression decoders allocating a large number of reachable byte buffers when processing specially crafted input, eventually leading to out-of-memory conditions...

CVSS 7.5 · AI score 7 · EPSS 0.00063
Exploits: 1 · References: 4 · Affected Software: 4

CVE
added 2025/09/03 9:46 p.m. · 46 views

CVE-2025-58057

CVE-2025-58057 is a Netty vulnerability where, in affected releases of netty-codec-compression (≤ 4.1.124.Final) and netty-codec (≤ 4.2.4.Final), specially crafted input can cause BrotliDecoder and related decoders to allocate a large number of reachable byte buffers, leading to denial of service...

CVSS 7.5 · AI score 5.9 · EPSS 0.00063
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/08/24 12:0 a.m. · 2 views

PT-2023-35969 · Unknown +1 · Libbrotlidec +1

Name of the Vulnerable Software and Affected Versions: Exiv2 (affected versions not specified). Description: The issue is related to a crash caused by a container-overflow write in the BrotliDecoderDecompressStream function, which is called by Exiv2::BmffImage::brotliUncompress. This crash occurs in...

AI score 6.8
Exploits: 0 · References: 2