13 matches found
CVE-2026-42583
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
SUSE CVE-2026-42583
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
CVE-2026-42583
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
CVE-2026-42583 Netty: Lz4FrameDecoder resource exhaustion
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
CVE-2026-42583 Netty: Lz4FrameDecoder resource exhaustion
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
CVE-2026-42583
CVE-2026-42583 (Netty) affects Netty’s Lz4FrameDecoder. Before versions 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf sized to decompressedLength (up to 32 MB per block) prior to running the LZ4 step. A peer can trigger this allocation with only a 21-byte header plus compres...
GHSA-MJ4R-2HFC-F8P6 Netty Lz4FrameDecoder is vulnerable to resource exhaustion
Summary Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. Details...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending specially crafted compressed data with manipulated header fields, leading to resource...
Allocation of Resources Without Limits or Throttling
Overview io.netty:netty-codec is an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending...
UBUNTU-CVE-2025-62813
LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks...
[SECURITY] Fedora 36 Update: golang-github-pierrec-lz4-4.1.3-6.fc36
Package lz4 implements reading and writing lz4 compressed data a frame, as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format although the block level compression and decompression functions are exposed an...
[SECURITY] Fedora 35 Update: golang-github-pierrec-lz4-4.1.3-5.fc35
Package lz4 implements reading and writing lz4 compressed data a frame, as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format although the block level compression and decompression functions are exposed an...
[SECURITY] Fedora 36 Update: golang-github-pierrec-lz4-4.1.3-5.fc36
Package lz4 implements reading and writing lz4 compressed data a frame, as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format although the block level compression and decompression functions are exposed an...