6112 matches found
SUSE CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
DEBIAN-CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
UBUNTU-CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
...
[SECURITY] Fedora 41 Update: libsixel-1.10.5-3.fc41
An encoder/decoder implementation for DEC SIXEL graphics...
[SECURITY] Fedora 42 Update: libsixel-1.10.5-4.fc42
An encoder/decoder implementation for DEC SIXEL graphics...
Linux Distros Unpatched Vulnerability : CVE-2017-5502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libjasper/jp2/jp2dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via vectors involving left shift of a negative value...
Netty 安全漏洞
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions 4.1.124.Final and earlier and 4.2.4.Final and earlier, which stems fro...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the BrotliDecoder.decompress function, which has no limit on how often it calls pull, decompressing data 64K bytes at a time. An attacker can exhaust system memory and...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the BrotliDecoder.decompress functio...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
Stack exhaustion in Decoder.Decode in encoding/gob
...
Netty's decoders vulnerable to DoS via zip bomb style attack
Summary With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. Details BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time...
GHSA-3P8M-J85Q-PGMJ Netty's decoders vulnerable to DoS via zip bomb style attack
Summary With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. Details BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time...
Linux Distros Unpatched Vulnerability : CVE-2016-4354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service crash via crafted BER data...