410 matches found

RedhatCVE
added 2026/03/30 4:43 p.m. | 3 views

CVE-2026-33871

A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 4

Veracode
added 2026/03/28 5:14 a.m. | 3 views

Denial Of Service

Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2026/03/28 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of...

CVSS 8.7 | AI score 6.8 | EPSS 0.00604
Exploits 0 | References 3

OSV
added 2026/03/27 8:16 p.m. | 3 views

DEBIAN-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 7.5 | AI score 8.4 | EPSS 0.00604
Exploits 0 | References 1

NVD
added 2026/03/27 8:16 p.m. | 2 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | EPSS 0.00604
Exploits 0 | References 1

UbuntuCve
added 2026/03/27 8:16 p.m. | 2 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 2

OSV
added 2026/03/27 8:16 p.m. | 3 views

UBUNTU-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 3

OSV
added 2026/03/27 7:55 p.m. | 2 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 3

ATTACKERKB
added 2026/03/27 7:55 p.m. | 4 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/27 7:55 p.m. | 1 views

EUVD-2026-16790

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 1

Vulnrichment
added 2026/03/27 7:55 p.m. | 2 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 1

CVE
added 2026/03/27 7:55 p.m. | 496 views

CVE-2026-33871

CVE-2026-33871 affects Netty, an asynchronous event-driven network framework. The issue occurs when a remote attacker floods an HTTP/2 server with CONTINUATION frames, exploiting an unlimited frame-count and bypassing size-based mitigations with zero-byte frames. This can cause high CPU usage and...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 1 | Affected Software 1

Debian CVE
added 2026/03/27 7:55 p.m. | 6 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7 | AI score 8.4 | EPSS 0.00604
Exploits 0

CNNVD
added 2026/03/27 12:0 a.m. | 2 views

Netty Security Vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained security vulnerabilities. These vulnerabilities...

CVSS 8.7 | AI score 6.8 | EPSS 0.00604
Exploits 0 | References 1

OSV
added 2026/03/26 6:49 p.m. | 3 views

GHSA-W9FJ-CFPG-GRVV Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary: A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows a user to...

CVSS 8.7 | AI score 6 | EPSS 0.00604
Exploits 0 | References 3

Github Security Blog
added 2026/03/26 6:49 p.m. | 35 views

Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary: A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows a user to...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/03/23 10:38 p.m. | 3 views

JLSEC-2026-4 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 5.8 | EPSS 0.8496
Exploits 1 | References 18

Rosalinux
added 2026/02/16 7:27 a.m. | 9 views

Advisory ROSA-SA-2026-3157

Software: nghttp2 1.57.0 OS: ROSA Virtualization 3.1 unaffected versions = nghttp2-1.57.0-2.0.2.rv31 affected versions nghttp2-1.57.0-2.0.2.rv31 CVE-ID: CVE-2024-28182 BDU-ID: 2024-02691 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nghttp2 library as part of the HTTP/2 protocol implementati...

CVSS 5.3 | AI score 6.9 | EPSS 0.8496
Exploits 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : nghttp2-1.33.0-6.el8_10.1 (AXSA:2024-8517:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8517:02 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

CVSS 5.3 | AI score 8.2 | EPSS 0.8496
Exploits 1 | References 2

OSV
added 2025/12/10 3:44 p.m. | 2 views

CLSA-2025-1765381441 nghttp2: Fix of CVE-2024-28182

CVE-2024-28182: fix continuation frame floods via frame count limiting...

CVSS 5.3 | AI score 7 | EPSS 0.8496
Exploits 1 | References 1