Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/12 2:0 p.m.26 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00578EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:0 p.m.10 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00578EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 7:2 p.m.6 views

GHSA-CC37-9Q2J-3HFV Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

When decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException...

7.5CVSS5.7AI score0.00578EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47564

When decoding a PP2 TYPE SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsExceptio...

7.5CVSS5.7AI score
Exploits0References5
Rows per page
Query Builder