Lucene search
K

61 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory up to 32 MB per block before...

7.5CVSS5.9AI score0.00429EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.15 views

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS6.8AI score0.00429EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/01 10:29 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:57 a.m.10 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

5.8AI score0.0058EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:57 a.m.12 views

EUVD-2026-33600

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:57 a.m.3 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS6AI score0.0058EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 7:30 a.m.9 views

CLSA-2026-1779694248 mpg123: Fix of CVE-2024-10573

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated upstream svn-r5442, main fix, and...

6.7CVSS6.1AI score0.00348EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Netty

The Snappy frame decoder function does not limit the chunk length, which can lead to excessive memory usage. In addition, it may also buffer reserved skipable chunks until the entire chunk is received, which can also result in excessive memory usage. This vulnerability can be exploited by providi...

7.5CVSS6.9AI score0.0628EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References4
NVD
NVD
added 2026/05/13 7:17 p.m.16 views

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS0.00429EPSS
Exploits1References1
OSV
OSV
added 2026/05/13 7:17 p.m.7 views

DEBIAN-CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.16 views

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 6:9 p.m.7 views

CVE-2026-42583 Netty: Lz4FrameDecoder resource exhaustion

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 6:9 p.m.39 views

CVE-2026-42583 Netty: Lz4FrameDecoder resource exhaustion

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS0.00429EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017447)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017447 advisory. The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunk...

7.5CVSS6.8AI score0.0628EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/07 12:20 a.m.13 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending specially crafted compressed data with manipulated header fields, leading to resource...

8.7CVSS5.8AI score0.00429EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:20 a.m.18 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec is an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending...

8.7CVSS5.8AI score0.00429EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2025/12/22 9:29 p.m.4 views

CVE-2025-34458

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...

8.7CVSS5.2AI score0.00424EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2029

Malware in sbrugna...

7.5CVSS6.8AI score0.0628EPSS
Exploits0References47
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-6752

Malicious code in bioql PyPI...

7.4CVSS7.5AI score0.02756EPSS
Exploits0References1
Rows per page
Query Builder