VYPR

Maven package

io.netty/netty-codec-dns

pkg:maven/io.netty/netty-codec-dns

Vulnerabilities (1)

  • CVE-2026-42579HigMay 13, 2026
    affected >= 4.2.0.Alpha1, < 4.2.13.Finalfixed 4.2.13.Final

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS respon