Netty

by Netty

CVEs (58)

  • CVE-2026-33870 (Mar 27, 2026)
    risk 0.00 | cvss | epss 0.01

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final…

  • CVE-2025-67735 (Dec 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling…

  • CVE-2025-58057 (Sep 3, 2025)
    risk 0.00 | cvss | epss 0.01

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with…

  • CVE-2025-58056 (Sep 3, 2025)
    risk 0.00 | cvss | epss 0.01

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a…

  • CVE-2025-55163 (Aug 13, 2025)
    risk 0.00 | cvss | epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol that uses malformed HTTP/2 control frames in order to break…

  • CVE-2025-25193 (Feb 10, 2025)
    risk 0.00 | cvss | epss 0.00

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty…

  • CVE-2025-24970 (Feb 10, 2025)
    risk 0.00 | cvss | epss 0.02

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all…

  • CVE-2024-47535 (Nov 12, 2024)
    risk 0.00 | cvss | epss 0.00

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows…

  • CVE-2024-29025 (Mar 25, 2024)
    risk 0.00 | cvss | epss 0.01

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked into accumulating data. While the decoder can store items on the disk if configured so,…

  • CVE-2023-34462 (Jun 22, 2023)
    risk 0.00 | cvss | epss 0.02

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does…

  • CVE-2022-41915 (Dec 13, 2022)
    risk 0.00 | cvss | epss 0.01

    Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header…

  • CVE-2022-41881 (Dec 12, 2022)
    risk 0.00 | cvss | epss 0.01

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no…

  • CVE-2022-24823 (May 6, 2022)
    risk 0.00 | cvss | epss 0.01

    Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can…

  • CVE-2021-43797 (Dec 9, 2021)
    risk 0.00 | cvss | epss 0.03

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It…

  • CVE-2021-21409 (Mar 30, 2021)
    risk 0.00 | cvss | epss 0.05

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request…

  • CVE-2021-21290 (Feb 8, 2021)
    risk 0.00 | cvss | epss 0.02

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file.…

  • CVE-2014-3488 (Jul 31, 2014)
    risk 0.00 | cvss | epss 0.04

    The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

  • CVE-2014-0193 (May 6, 2014)
    risk 0.00 | cvss | epss 0.04

    WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of…
