Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/01 7:57 a.m.10 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

5.8AI score0.0058EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:57 a.m.13 views

EUVD-2026-33600

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:57 a.m.3 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS6AI score0.0058EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 7:17 p.m.7 views

DEBIAN-CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References1
Rows per page
Query Builder