VYPR

Maven package

io.netty/netty-codec

pkg:maven/io.netty/netty-codec

Vulnerabilities (4)

  • CVE-2026-42583HigMay 13, 2026
    affected < 4.1.133.Finalfixed 4.1.133.Final

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload

  • CVE-2025-58057HigSep 4, 2025
    affected < 4.1.125.Finalfixed 4.1.125.Final

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2021-37137HigOct 19, 2021
    affected >= 4.0.0, < 4.1.68.Finalfixed 4.1.68.Final

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be tr

  • CVE-2021-37136HigOct 19, 2021
    affected < 4.1.68.Finalfixed 4.1.68.Final

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack