Maven package
io.netty/netty-codec-haproxy
pkg:maven/io.netty/netty-codec-haproxy
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48059 | hig | — | >= 4.2.0.Final, < 4.2.15.Final | 4.2.15.Final | Jun 11, 2026 | ### Impact The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful pa | |
| CVE-2022-41881 | — | < 4.1.86.Final | 4.1.86.Final | Dec 12, 2022 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor |
- affected >= 4.2.0.Final, < 4.2.15.Finalfixed 4.2.15.Final
### Impact The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful pa
- CVE-2022-41881Dec 12, 2022affected < 4.1.86.Finalfixed 4.1.86.Final
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor