VYPR

rpm package

suse/netty-tcnative&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Vulnerabilities (10)

  • CVE-2025-58057Sep 3, 2025
    affected < 2.0.73-150200.3.30.1fixed 2.0.73-150200.3.30.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-58056Sep 3, 2025
    affected < 2.0.73-150200.3.30.1fixed 2.0.73-150200.3.30.1

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch

  • CVE-2025-55163Aug 13, 2025
    affected < 2.0.73-150200.3.30.1fixed 2.0.73-150200.3.30.1

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the

  • CVE-2025-25193Feb 10, 2025
    affected < 2.0.70-150200.3.25.1fixed 2.0.70-150200.3.25.1

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts

  • CVE-2025-24970Feb 10, 2025
    affected < 2.0.70-150200.3.25.1fixed 2.0.70-150200.3.25.1

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-29025Mar 25, 2024
    affected < 2.0.65-150200.3.19.1fixed 2.0.65-150200.3.19.1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 2.0.62-150200.3.16.1fixed 2.0.62-150200.3.16.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-41915Dec 13, 2022
    affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1

    Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values

  • CVE-2022-41881Dec 12, 2022
    affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor

  • CVE-2022-24823May 6, 2022
    affected < 2.0.59-150200.3.10.1fixed 2.0.59-150200.3.10.1

    Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur