17 matches found
ROOT-APP-MAVEN-CVE-2026-42578 CVE-2026-42578 in io.root.io.netty:netty-handler-proxy - Patched by Root
Root has patched CVE-2026-42578 in the io.root.io.netty:netty-handler-proxy package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-24970 CVE-2025-24970 in io.root.io.netty:netty-handler - Patched by Root
Root has patched CVE-2025-24970 in the io.root.io.netty:netty-handler package for Root:Maven. Multiple fixed versions available...
ai.agentican:agentican-framework-core (=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +15603 more potentially affected by CVE-2026-42578 via io.netty:netty-handler-proxy (>=4.1.0.Beta4 <=4.1.132.Final)
io.netty:netty-handler-proxy MAVEN version =4.1.0.Beta4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42578 Source advisory:...
Security Bulletin: Vulnerability in netty-handler affects IBM Netezza Appliance
Summary: The netty-handler package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE (CVE-2025-24970). Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in netty-handler (CVE-2025-24970)
Summary: A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version...
Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.
Summary: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network...
Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970)
Summary: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...
Security Bulletin: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970)
Summary: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970). Vulnerability Details: CVEID: CVE-2025-24970. DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
at.aimit.mariella:persistence-kotlin (>=1.0.5 <=1.0.8), cloud.piranha.http:piranha-http-netty (>=25.4.0 <=25.5.0) +654 more potentially affected by CVE-2025-24970 via io.netty:netty-handler (>=4.2.0.Alpha1 <=4.2.0.RC2)
io.netty:netty-handler MAVEN version =4.2.0.Alpha1, =1.0.5, =25.4.0, =25.4.0, =7.9.0, =18.0.0, =18.0.0, =18.0.0, =10.0.8, =3.12.1, =3.13.0-RC1 and more Source cves: CVE-2025-24970 Source advisory: SNYK:JAVA-IONETTY-8707739...
Improper Validation of Specified Quantity in Input
Overview: io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...
Withdrawn Advisory: Netty-handler does not validate host names by default
Withdrawn Advisory: This advisory has been withdrawn because the underlying vulnerability only concerns Red Hat's Hot Rod client, which is not in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description: Netty-handler...
as.leap:vertx-rpc (>=3.0.0 <=3.1.1), au.com.agiledigital:play-rest-support-testkit_2.11 (>=0.0.2 <=0.0.3) +2388 more potentially affected by CVE-2016-4970 via io.netty:netty-handler (>=4.0.0.Alpha1 <=4.0.36.Final)
io.netty:netty-handler MAVEN version =4.0.0.Alpha1, =3.0.0, =0.0.2, =2.1.1, =2.2.11, =2.2.11, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.4.15 and more Source cves: CVE-2016-4970 Source advisory: OSV:GHSA-RV63-GQM8-9W8Q...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +35352 more potentially affected by CVE-2020-11612 via io.netty:netty-handler (>=4.1.0.Beta1 <=4.1.45.Final)
io.netty:netty-handler MAVEN version =4.1.0.Beta1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2020-11612 Source...
ai.ylyue:yue-library-auth-client (=2.1.0), ai.ylyue:yue-library-auth-service (=2.1.0) +1891 more potentially affected by CVE-2020-7238 +1 more via io.netty:netty-handler (>=4.1.43.Final <=4.1.44.Final)
io.netty:netty-handler MAVEN version =4.1.43.Final, =0.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =0.0.1-alpha, =0.5.1, =0.5.1, =0.5.1, =0.7.0 and more Source cves: CVE-2020-7238, CVE-2020-72381 Source advisory: OSV:GHSA-FF2W-CQ2G-WV5F...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +37013 more potentially affected by CVE-2019-20445 via io.netty:netty-handler (>=4.0.0.Alpha1 <=4.1.44.Final)
io.netty:netty-handler MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2019-20445 Source...
Man-in-the-Middle (MitM)
netty-handler is vulnerable to man-in-the-middle attacks. The library uses an SSLEngine that does not verify certificate hostnames when establishing connections with a server by default. This allows an attacker to potentially intercept and modify network traffic in a successful man-in-the-middle...