20 matches found
SUSE-SU-2026:2802-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: - CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking...
SUSE SLED15 / SLES15 Security Update : netty, netty-tcnative (SUSE-SU-2026:2308-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2308-1 advisory. This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads t...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in RedisArrayAggregator. An attacker who sends a small RESP array header declaring a very large element count can force the aggregator to reserve a large ArrayList via the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in shouldWaitForDynamicTableUpdates in QpackDecoder. An attacker can open an indefinite number of persistently blocked streams by sending headers that reference dynamic table entries...
SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3026 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.2.0.Final <=4.2.14.Final)
io.netty:netty-codec-http2 MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-47244 Source advisory: OSV:GHSA-5X3R-WRVG-RP6Q...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded nesting of composite buffers in the SCTP message reassembly process. An attacker can exhaust system memory and cause a denial of service by sending a large number of...
Improper Verification of Source of a Communication Channel
Overview Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper validation in the validateToken function. An attacker can cause the server to treat unvalidated client addresses as validated by supplying any non-empty token...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the lack of an enforced maximum header size limit in the default configuration of the Http3ConnectionHandler. An attacker can exhaust server memory and cause application crashes by...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handling of TCP connections with ALLOWHALFCLOSURE enabled when a remote peer sends a FIN followed by a RST. An attacker can cause resource exhaustion or high CPU utilization by...
SUSE-SU-2026:1353-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: Upidate to 4.1.132: - CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling bsc1261031. - CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service bsc1261043...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the parsing of quoted strings within chunked transfer encoding extension values. An attacker can inject arbitrary HTTP requests into a connection by crafting chunk extensions containing carriage return or line...
SUSE-SU-2025:03114-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.126. Security issues fixed: - CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can cause a denial of service bsc1249134. -...
Linux Distros Unpatched Vulnerability : CVE-2021-43797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty pri...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +17982 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.123.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
CVE-2024-40642
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...
SUSE SLED15: jctools / jctools-channels / jctools-experimental / jctools-javadoc / etc (SUSE-SU-2024:4407-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4407-1 advisory. - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java...
Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty...
SUSE-SU-2024:4407-1 Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in nett...
OESA-2022-1930 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages...