Search CVE reports
1 – 10 of 28 results
CVE-2025-25193
Medium priority
Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty....
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2025-24970
Medium priority
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler it doesn't...
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-47535
Medium priority
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of...
2 affected packages
netty, netty-3.9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Ignored | Ignored | Ignored | Ignored | Ignored |
netty-3.9 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-29025
Medium priority
Some fixes available 6 of 8
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the...
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-44487
High priority
Some fixes available 21 of 53
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
dotnet6, dotnet7, dotnet8, h2o, haproxy...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Not affected | Not in release | Not in release | Not in release |
h2o | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
haproxy | Not affected | Not affected | Not affected | Fixed | Not affected |
netty | Not affected | Fixed | Fixed | Not affected | Not affected |
nghttp2 | Not affected | Fixed | Fixed | Fixed | Fixed |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tomcat10 | Not affected | Not in release | Not in release | Ignored | Ignored |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Not affected | Fixed | Fixed | Fixed | Ignored |
trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-34462
Medium priority
Some fixes available 2 of 6
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the...
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2022-41915
Medium priority
Some fixes available 7 of 12
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation...
2 affected packages
netty, netty-3.9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Fixed | Fixed | Fixed |
netty-3.9 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-41881
Medium priority
Some fixes available 7 of 12
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue...
2 affected packages
netty, netty-3.9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Fixed | Fixed | Fixed |
netty-3.9 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-24823
Low priority
Some fixes available 6 of 11
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart...
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2021-43797
Medium priority
Some fixes available 7 of 12
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present...
1 affected package
netty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netty | Fixed | Fixed | Fixed | Fixed | Fixed |