CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25193 – Denial of Service attack on windows app using Netty
https://notcve.org/view.php?id=CVE-2025-25193
10 Feb 2025 — Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. • https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47535 – Denial of Service attack on windows app using Netty
https://notcve.org/view.php?id=CVE-2024-47535
12 Nov 2024 — Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. • https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34462 – netty-handler SniHandler 16MB allocation
https://notcve.org/view.php?id=CVE-2023-34462
22 Jun 2023 — Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicat... • https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41915 – Debian Security Advisory 5316-1
https://notcve.org/view.php?id=CVE-2022-41915
13 Dec 2022 — Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator)` call, into a `remove... • https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41881 – codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
https://notcve.org/view.php?id=CVE-2022-41881
12 Dec 2022 — Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. El proyecto Netty es un framework de aplicación de red asíncrona impulsado por eventos. • https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v • CWE-674: Uncontrolled Recursion •