VYPR

Maven package

io.netty/netty-codec-compression

pkg:maven/io.netty/netty-codec-compression

Vulnerabilities (2)

  • CVE-2026-42583HigMay 13, 2026
    affected < 4.2.13.Finalfixed 4.2.13.Final

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload

  • CVE-2025-58057Sep 3, 2025
    affected >= 4.2.0.Alpha1, < 4.2.5.Finalfixed 4.2.5.Final

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s