11 matches found

OSV
added 2026/05/06 11:10 p.m. | 1 views

GHSA-RWM7-X88C-3G2P Netty epoll transport denial of service via RST on half-closed TCP connection

Summary: Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. Affected versions: All versions of 4.2.x...

CVSS 7.5 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 5

GitHub Security Blog
added 2026/05/06 11:10 p.m. | 4 views

Netty epoll transport denial of service via RST on half-closed TCP connection

Summary: Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. Affected versions: All versions of 4.2.x...

CVSS 7.5 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38280

Name of the Vulnerable Software and Affected Versions: Netty versions 4.2.0.Final through 4.2.12.Final. Description: Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed. This occurs when a connection has ALLOW HALF CLOSURE enabled or is in a...

CVSS 7.5 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | References: 7

CVE
added 2025/09/05 9:59 p.m. | 11 views

CVE-2025-58369

CVE-2025-58369 affects fs2 (Scala) with fs2-io TLS on the JVM. The vulnerability exists in versions up to 2.5.12, 3.0.0-M1…3.12.2, and 3.13.0-M1…3.13.0-M6, where during TLS handshake a peer that shuts down write while the other side awaits data can spin the socket read, causing high CPU usage and...

CVSS 5.3 | AI score 5.9 | EPSS 0.00207
Exploits: 0 | References: 7

OSV
added 2025/09/05 9:59 p.m. | 1 views

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVSS 5.3 | AI score 6.3 | EPSS 0.00207
Exploits: 0 | References: 9

Positive Technologies
added 2025/09/05 12:0 a.m. | 1 views

PT-2025-36633

Impact: When establishing a TLS session using fs2-io on the JVM using the fs2.io.net.tls package, if one side of the connection shuts down write while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. This CPU...

CVSS 5.3 | AI score 6.6
Exploits: 0 | References: 8

Tenable Nessus
added 2021/06/28 12:0 a.m. | 39 views

OracleVM 3.4 : xen (OVMSA-2021-0020)

The remote OracleVM system is missing necessary patches to address security updates: - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-0089 - Potential speculative code store bypass in a...

CVSS 7.1 | AI score 6.3 | EPSS 0.00357
Exploits: 0 | References: 9

Tenable Nessus
added 2020/11/23 12:0 a.m. | 55 views

Debian DLA-2463-1 : samba security update

Multiple vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2020-1472 Unauthenticated domain controller compromise by subverting Netlogon cryptography. This vulnerability includes both ZeroLogon and non-ZeroLogon variations. CVE-2020-10704 An...

CVSS 10 | AI score 7.5 | EPSS 0.9438
Exploits: 75 | References: 12

OSV
added 2020/07/10 8:1 a.m. | 5 views

MGASA-2020-0289 Updated samba packages fix security vulnerability

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...

CVSS 7.8 | AI score 7.8 | EPSS 0.26364
Exploits: 0 | References: 8

Tenable Nessus
added 2020/07/09 12:0 a.m. | 75 views

Samba 4.x < 4.10.17 / 4.11.x < 4.11.11 / 4.12.x < 4.12.4 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.x prior to 4.10.17, 4.11.x prior to 4.11.11, or 4.12.x prior to 4.12.4. It is, therefore, affected by multiple vulnerabilities, including the following: - The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests...

CVSS 7.8 | AI score 6.6 | EPSS 0.26364
Exploits: 0 | References: 9

Tenable Nessus
added 2016/01/04 12:0 a.m. | 282 views

Debian DSA-3433-1 : samba - security update

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can...

CVSS 7.5 | AI score 6.7 | EPSS 0.39597
Exploits: 1 | References: 25