Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/12 2:23 p.m.27 views

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:23 p.m.16 views

EUVD-2026-36455

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
OSV
OSV
added 2026/06/08 11:2 p.m.10 views

GHSA-5X3R-WRVG-RP6Q Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS5.4AI score0.00292EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.14 views

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS7AI score0.00292EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder