Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 3:1 p.m.11 views

CVE-2026-44248

A flaw was found in Netty, an asynchronous event-driven network application framework. A remote attacker can exploit this vulnerability by sending a crafted MQTT 5 header with an oversized Properties section. This causes Netty to repeatedly parse and buffer the large Properties section in memory...

7.5CVSS6.7AI score0.00455EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/06 2:32 p.m.5 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

5.5CVSS7.3AI score0.00408EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.11 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

7.5CVSS7.1AI score0.01466EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.3 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.03617EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.11 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

7.5CVSS7.1AI score0.01466EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.5 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/14 1:6 p.m.5 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.6 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9CVSS7.1AI score0.04935EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.4 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.13474EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/05/26 4:9 p.m.2 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

7.5CVSS7.1AI score0.08415EPSS
Exploits1References4
Rows per page
Query Builder