Unity Linux 20.1070e Security Update: netty (UTSA-2026-016730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016730 advisory. Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42587 Source advisory: OSV:GHSA-F6HV-JMP6-3VWV...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

Security Bulletin: IBM Informix updated to use the latest version of Netty to handle the Netty vulnerability.

Summary Netty version updated to 4.1.118.Final in Informix 12.10.xC16W2 and 4.1.121.Final in Informix 14.10.XC12. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

netty-4.1.128-1.1 on GA media (moderate)

netty-4.1.128-1.1 on GA media Announcement ID: openSUSE-SU-2025:15667-1 Rating: moderate Cross-References: CVE-2025-59419 CVSS scores: CVE-2025-59419 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-59419 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

Security Bulletin: Incomplete Fix in Netty ≤ 4.1.118.Final Leads to DoS via Unsafe Environment File Handling on Windows, which affects IBM watsonx.data

Summary Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load ...

Linux Distros Unpatched Vulnerability : CVE-2024-47535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe...

Linux Distros Unpatched Vulnerability : CVE-2020-7238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later...

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. bsc1237037 CVE-2025-25193: unsafe reading of environment files can lead to an application crash. bsc1237038 Update to netty version 4.1.118 a...

SUSE CVE-2025-25193

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file...

OESA-2023-1999 netty security update

Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no...

SUSE-SU-2023:2974-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.94: - CVE-2023-34462: Allow to limit the maximum lenght of the ClientHello bsc1212637...

SUSE CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions prior to 4.1.86, which stems from the fact that header value validation ...

DEBIAN-CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...

ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +7009 more potentially affected by CVE-2021-43797 via io.netty:netty (>=3.10.0.Final <=3.10.6.Final)

io.netty:netty MAVEN version =3.10.0.Final, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.1.7, =0.1.7, =0.10.0, =0.10.0, =0.10.0, =0.15.0 and more Source cves: CVE-2021-43797 Source advisory: OSV:GHSA-WX5J-54MM-RQQQ...

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +7009 more potentially affected by CVE-2019-20444 via io.netty:netty (>=3.10.0.Final <=3.10.6.Final)

io.netty:netty MAVEN version =3.10.0.Final, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.1.7, =0.1.7, =0.10.0, =0.10.0, =0.10.0, =0.15.0 and more Source cves: CVE-2019-20444 Source advisory: OSV:GHSA-CQQJ-4P63-RRMM...

DEBIAN-CVE-2020-7238

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...