Netty

All CVEs

64 total · sorted by risk
  • CVE-2025-24970 · Feb 10, 2025
    risk 0.00 · cvss · epss 0.02

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all…

  • CVE-2024-47535 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows…

  • CVE-2024-40642 · Jul 18, 2024
    risk 0.00 · cvss · epss 0.01

    The netty incubator codec.bhttp is a Java-language binary HTTP parser. In affected versions the `BinaryHttpParser` class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can…

  • CVE-2024-36121 · Jun 4, 2024
    risk 0.00 · cvss · epss 0.00

    netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate…

  • CVE-2024-29025 · Mar 25, 2024
    risk 0.00 · cvss · epss 0.01

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked into accumulating data. While the decoder can store items on the disk if configured so,…

  • CVE-2023-34462 · Jun 22, 2023
    risk 0.00 · cvss · epss 0.02

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does…

  • CVE-2022-41915 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.01

    Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header…

  • CVE-2022-41881 · Dec 12, 2022
    risk 0.00 · cvss · epss 0.01

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no…

  • CVE-2022-24823 · May 6, 2022
    risk 0.00 · cvss · epss 0.01

    Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can…

  • CVE-2021-43797 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.03

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It…

  • CVE-2021-21409 · Mar 30, 2021
    risk 0.00 · cvss · epss 0.05

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request…

  • CVE-2021-21290 · Feb 8, 2021
    risk 0.00 · cvss · epss 0.02

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file.…

  • CVE-2014-3488 · Jul 31, 2014
    risk 0.00 · cvss · epss 0.04

    The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

  • CVE-2014-0193 · May 6, 2014
    risk 0.00 · cvss · epss 0.04

    WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of…
