CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

EUVD-2026-36494

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

CVE-2026-48043

Netty CVE-2026-48043 affects netty-codec-http2 before 4.1.135.Final and 4.2.15.Final. A flaw in DelegatingDecompressorFrameListener uses a per-stream EmbeddedChannel to decompress frames (gzip/deflate/zstd) and forwards chunks to a tail handler; decompressed ByteBuf ownership is not robust, allow...

CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...

CVE-2026-48040

The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

CVE-2026-48040

The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...

CVE-2026-48040 netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access

The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...

CVE-2026-48040

The CVE-2026-48040 entry concerns netty-incubator-codec.bhttp prior to 0.0.22.Final, where a fallback path for direct ByteBufs is taken when Unsafe is unavailable. Under these conditions, an unauthenticated network attacker can trigger cryptographic operations via crafted OHTTP requests, causing ...

CVE-2023-34462

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...

CVE-2023-34462

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...

netty-handler SniHandler 16MB allocation

Summary The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. Details The SniHandler class is a handler that waits...

GHSA-6MJQ-H674-J845 netty-handler SniHandler 16MB allocation

Summary The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. Details The SniHandler class is a handler that waits...

net.hasor:cobble-bytebuf (>=4.5.0 <=4.6.1), net.hasor:cobble-dynamic (>=4.4.1 <=4.6.2) +2 more potentially affected by CVE-2021-29425 via net.hasor:cobble-lang (>=4.4.1 <=4.6.2)

net.hasor:cobble-lang MAVEN version =4.4.1, =4.5.0, =4.4.1, =4.4.2, =4.4.1, =4.6.2 Source cves: CVE-2021-29425 Source advisory: OSV:GHSA-GWRP-PVRQ-JMWV...