Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.9 views

SUSE CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:19 p.m.29 views

CVE-2026-46340 Netty: SCTP reassembly nests buffers without bound

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS0.00371EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/09 9:19 a.m.11 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded accumulation of incomplete SCTP message fragments in nested CompositeByteBuf structures without limits on fragment count, size, or stream identifiers, which allows an attacker to exhaust memory and processing...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.19 views

Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

7.5CVSS5.7AI score0.00371EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder