VYPR

rpm package

opensuse/netty&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.6

Vulnerabilities (11)

  • CVE-2026-33871Mar 27, 2026
    affected < 4.1.132-150200.4.43.1fixed 4.1.132-150200.4.43.1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frames. The server's lack of a limit o

  • CVE-2026-33870Mar 27, 2026
    affected < 4.1.132-150200.4.43.1fixed 4.1.132-150200.4.43.1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final an

  • CVE-2025-67735Dec 16, 2025
    affected < 4.1.130-150200.4.40.1fixed 4.1.130-150200.4.40.1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-59419MedOct 15, 2025
    affected < 4.1.128-150200.4.37.1fixed 4.1.128-150200.4.37.1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) char

  • CVE-2025-58057Sep 3, 2025
    affected < 4.1.126-150200.4.34.1fixed 4.1.126-150200.4.34.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-58056Sep 3, 2025
    affected < 4.1.126-150200.4.34.1fixed 4.1.126-150200.4.34.1

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch

  • CVE-2025-55163Aug 13, 2025
    affected < 4.1.126-150200.4.34.1fixed 4.1.126-150200.4.34.1

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the

  • CVE-2025-25193Feb 10, 2025
    affected < 4.1.118-150200.4.29.2fixed 4.1.118-150200.4.29.2

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts

  • CVE-2025-24970Feb 10, 2025
    affected < 4.1.118-150200.4.29.2fixed 4.1.118-150200.4.29.2

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-47535Nov 12, 2024
    affected < 4.1.115-150200.4.26.1fixed 4.1.115-150200.4.26.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2024-29025Mar 25, 2024
    affected < 4.1.108-150200.4.23.1fixed 4.1.108-150200.4.23.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t