Vulnerability-Lookup

WID-SEC-W-2026-1814

Vulnerability from csaf_certbund - Published: 2026-06-07 22:00 - Updated: 2026-06-15 22:00

Summary

Netty: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework für die schnelle Entwicklung von wartbaren, hochleistungsfähigen Protokollservern und -clients.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand herbeizuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2026-44249

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-44250

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-44890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-44892

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-44893

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-44894

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-45416

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-45536

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-45673

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-45674

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-46340

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-47244

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-47691

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-48006

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-48043

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-48059

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-48748

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-50009

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-50010

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-50020

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

CVE-2026-50560

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Open Source Netty <4.1.135.Final Open Source / Netty		<4.1.135.Final
Open Source Netty <4.2.15.Final Open Source / Netty		<4.2.15.Final

References

25 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/netty/netty/security/advisories/	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework f\u00fcr die schnelle Entwicklung von wartbaren, hochleistungsf\u00e4higen Protokollservern und -clients.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1814 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1814.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1814 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1814"
      },
      {
        "category": "external",
        "summary": "Netty Security Advisories vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-3244-j874-rhc2 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-4grm-h2qv-h6w6 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-4grm-h2qv-h6w6"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5pvg-856g-cp85 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5w86-c3rq-vjj7 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5x3r-wrvg-rp6q vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5xrh-qmmq-w6ch vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-676x-f7gg-47vc vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-6ghj-frrj-jjj3 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-6jv9-x5w9-2ccm vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-6jv9-x5w9-2ccm"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-c2gf-v879-257j vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-c2rx-5r8w-8xr2 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-c653-97m9-rcg9 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-cc37-9q2j-3hfv vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-cmm3-54f8-px4j vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-cq4q-cv5g-r8q5 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-h2qv-fj59-j46j vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-hvcg-qmg6-jm4c vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-hvcg-qmg6-jm4c"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-w573-9ffj-6ff9 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-x4gw-5cx5-pgmh vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xmv7-r254-6q78 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xmv7-r254-6q78 vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
      },
      {
        "category": "external",
        "summary": "Netty Security Advisories vom 2026-06-07",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-563q-j3cm-6jxm"
      }
    ],
    "source_lang": "en-US",
    "title": "Netty: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-15T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-16T08:20:02.393+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1814",
      "initial_release_date": "2026-06-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-36327, EUVD-2026-36357, EUVD-2026-36356"
        },
        {
          "date": "2026-06-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-36432, EUVD-2026-36450, EUVD-2026-36471, EUVD-2026-36465, EUVD-2026-36459, EUVD-2026-36451, EUVD-2026-36445, EUVD-2026-36457, EUVD-2026-36494, EUVD-2026-36468, EUVD-2026-36436, EUVD-2026-36439, EUVD-2026-36435, EUVD-2026-36489, EUVD-2026-36492"
        },
        {
          "date": "2026-06-15T22:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: CVE-2026-50009"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.2.15.Final",
                "product": {
                  "name": "Open Source Netty \u003c4.2.15.Final",
                  "product_id": "T055037"
                }
              },
              {
                "category": "product_version",
                "name": "4.2.15.Final",
                "product": {
                  "name": "Open Source Netty 4.2.15.Final",
                  "product_id": "T055037-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netty:netty:4.2.15.final"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.135.Final",
                "product": {
                  "name": "Open Source Netty \u003c4.1.135.Final",
                  "product_id": "T055038"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.135.Final",
                "product": {
                  "name": "Open Source Netty 4.1.135.Final",
                  "product_id": "T055038-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netty:netty:4.1.135.final"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Netty"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-44249",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44249"
    },
    {
      "cve": "CVE-2026-44250",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44250"
    },
    {
      "cve": "CVE-2026-44890",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44890"
    },
    {
      "cve": "CVE-2026-44892",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44892"
    },
    {
      "cve": "CVE-2026-44893",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44893"
    },
    {
      "cve": "CVE-2026-44894",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-44894"
    },
    {
      "cve": "CVE-2026-45416",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-45416"
    },
    {
      "cve": "CVE-2026-45536",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-45536"
    },
    {
      "cve": "CVE-2026-45673",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-45673"
    },
    {
      "cve": "CVE-2026-45674",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-45674"
    },
    {
      "cve": "CVE-2026-46340",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-46340"
    },
    {
      "cve": "CVE-2026-47244",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-47244"
    },
    {
      "cve": "CVE-2026-47691",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-47691"
    },
    {
      "cve": "CVE-2026-48006",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-48006"
    },
    {
      "cve": "CVE-2026-48043",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-48043"
    },
    {
      "cve": "CVE-2026-48059",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-48059"
    },
    {
      "cve": "CVE-2026-48748",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-48748"
    },
    {
      "cve": "CVE-2026-50009",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-50009"
    },
    {
      "cve": "CVE-2026-50010",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-50010"
    },
    {
      "cve": "CVE-2026-50020",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-50020"
    },
    {
      "cve": "CVE-2026-50560",
      "product_status": {
        "known_affected": [
          "T055038",
          "T055037"
        ]
      },
      "release_date": "2026-06-07T22:00:00.000+00:00",
      "title": "CVE-2026-50560"
    }
  ]
}

CVE-2026-44249 (GCVE-0-2026-44249)

Vulnerability from cvelistv5 – Published: 2026-06-11 20:46 – Updated: 2026-06-13 03:55

Title

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Summary

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control
CWE-697 - Incorrect Comparison

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-13T03:55:45.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-697",
              "description": "CWE-697: Incorrect Comparison",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T20:46:14.110Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-3qp7-7mw8-wx86",
        "discovery": "UNKNOWN"
      },
      "title": "Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44249",
    "datePublished": "2026-06-11T20:46:14.110Z",
    "dateReserved": "2026-05-05T16:33:55.844Z",
    "dateUpdated": "2026-06-13T03:55:45.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44250 (GCVE-0-2026-44250)

Vulnerability from cvelistv5 – Published: 2026-06-11 20:49 – Updated: 2026-06-12 13:44

Title

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T13:44:38.298945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T13:44:45.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T20:49:00.487Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-3244-j874-rhc2",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44250",
    "datePublished": "2026-06-11T20:49:00.487Z",
    "dateReserved": "2026-05-05T16:33:55.844Z",
    "dateUpdated": "2026-06-12T13:44:45.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44890 (GCVE-0-2026-44890)

Vulnerability from cvelistv5 – Published: 2026-06-11 20:52 – Updated: 2026-06-12 10:05

Title

Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Summary

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\r\n`. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T10:05:11.294129Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T10:05:37.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\\r\\n`. This exhausts the server\u0027s direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T20:52:50.980Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-6ghj-frrj-jjj3",
        "discovery": "UNKNOWN"
      },
      "title": "Netty has Unbounded Direct Memory Consumption in its RedisDecoder"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44890",
    "datePublished": "2026-06-11T20:52:50.980Z",
    "dateReserved": "2026-05-07T21:50:33.545Z",
    "dateUpdated": "2026-06-12T10:05:37.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44892 (GCVE-0-2026-44892)

Vulnerability from cvelistv5 – Published: 2026-06-12 05:04 – Updated: 2026-06-12 09:59

Title

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default configuration allows a malicious client or server to send an enormous number of headers, leading to a memory exhaustion Denial of Service via an `OutOfMemoryError`. Version 4.2.15.Final contains a patch.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-1188 - Insecure Default Initialization of Resource

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T09:58:28.646579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T09:59:06.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default configuration allows a malicious client or server to send an enormous number of headers, leading to a memory exhaustion Denial of Service via an `OutOfMemoryError`. Version 4.2.15.Final contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T05:04:58.033Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-c2rx-5r8w-8xr2",
        "discovery": "UNKNOWN"
      },
      "title": "Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44892",
    "datePublished": "2026-06-12T05:04:58.033Z",
    "dateReserved": "2026-05-07T21:50:33.545Z",
    "dateUpdated": "2026-06-12T09:59:06.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44893 (GCVE-0-2026-44893)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:00 – Updated: 2026-06-12 19:02

Title

Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Summary

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-703 - Improper Check or Handling of Exceptional Conditions

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T19:01:50.571781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T19:02:36.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:04:45.663Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-cc37-9q2j-3hfv",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44893",
    "datePublished": "2026-06-12T14:00:25.801Z",
    "dateReserved": "2026-05-07T21:50:33.545Z",
    "dateUpdated": "2026-06-12T19:02:36.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44894 (GCVE-0-2026-44894)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:06 – Updated: 2026-06-13 03:04

Title

Netty's Default QUIC token handler accepts any client-supplied token

Summary

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will not send Retry — acceptable), but validateToken() unconditionally `return 0`. In QuicheQuicServerCodec.handlePacket(), a non-negative return from validateToken() is interpreted as 'token is valid, ODCID starts at offset 0', causing the server to call quiche_accept as if the client's address had been validated by a Retry round-trip. Per RFC 9000 §8.1, a validated address lifts the 3× anti-amplification send limit. Thus any attacker who includes ANY non-empty token bytes in an Initial packet — with a spoofed victim source IP — causes the Netty server to treat the victim as validated and reflect full-size handshake flights (certificates, etc.) toward it without the 3× cap. The correct 'no token handler' semantics would be to return -1 (invalid) so the normal un-validated path and amplification limit apply. Version 4.2.15.Final patches the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-940 - Improper Verification of Source of a Communication Channel

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-13T03:03:54.989814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-13T03:04:10.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will not send Retry \u2014 acceptable), but validateToken() unconditionally `return 0`. In QuicheQuicServerCodec.handlePacket(), a non-negative return from validateToken() is interpreted as \u0027token is valid, ODCID starts at offset 0\u0027, causing the server to call quiche_accept as if the client\u0027s address had been validated by a Retry round-trip. Per RFC 9000 \u00a78.1, a validated address lifts the 3\u00d7 anti-amplification send limit. Thus any attacker who includes ANY non-empty token bytes in an Initial packet \u2014 with a spoofed victim source IP \u2014 causes the Netty server to treat the victim as validated and reflect full-size handshake flights (certificates, etc.) toward it without the 3\u00d7 cap. The correct \u0027no token handler\u0027 semantics would be to return -1 (invalid) so the normal un-validated path and amplification limit apply. Version 4.2.15.Final patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940: Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:06:54.213Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-cmm3-54f8-px4j",
        "discovery": "UNKNOWN"
      },
      "title": "Netty\u0027s Default QUIC token handler accepts any client-supplied token"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44894",
    "datePublished": "2026-06-12T14:06:54.213Z",
    "dateReserved": "2026-05-07T21:50:33.545Z",
    "dateUpdated": "2026-06-13T03:04:10.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45416 (GCVE-0-2026-45416)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:10 – Updated: 2026-06-12 15:07

Title

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength > maxClientHelloLength && maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T15:06:59.768657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T15:07:07.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength \u003e maxClientHelloLength \u0026\u0026 maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:12:09.426Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-x4gw-5cx5-pgmh",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45416",
    "datePublished": "2026-06-12T14:10:05.585Z",
    "dateReserved": "2026-05-12T01:48:40.452Z",
    "dateUpdated": "2026-06-12T15:07:07.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45536 (GCVE-0-2026-45536)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:12 – Updated: 2026-06-12 15:05

Title

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has cmsg_len = CMSG_LEN(8) = 24, which fits exactly with no MSG_CTRUNC, so the kernel installs both fds in the receiving process. The subsequent check `cmsg->cmsg_len == CMSG_LEN(sizeof(int))` (line 972, expected 20) fails, the branch that would read the fd is skipped, and neither installed fd is closed. The for(;;) loop calls recvmsg again (non-blocking → EAGAIN → Java maps to 0 → read loop exits normally), leaving two leaked fds per message. There is no MSG_CTRUNC handling. Reachable via Epoll/KQueue DomainSocketChannel when the application opts into DomainSocketReadMode.FILE_DESCRIPTORS (non-default). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-772 - Missing Release of Resource after Effective Lifetime

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T15:05:26.043862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T15:05:36.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) \u2014 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has cmsg_len = CMSG_LEN(8) = 24, which fits exactly with no MSG_CTRUNC, so the kernel installs both fds in the receiving process. The subsequent check `cmsg-\u003ecmsg_len == CMSG_LEN(sizeof(int))` (line 972, expected 20) fails, the branch that would read the fd is skipped, and neither installed fd is closed. The for(;;) loop calls recvmsg again (non-blocking \u2192 EAGAIN \u2192 Java maps to 0 \u2192 read loop exits normally), leaving two leaked fds per message. There is no MSG_CTRUNC handling. Reachable via Epoll/KQueue DomainSocketChannel when the application opts into DomainSocketReadMode.FILE_DESCRIPTORS (non-default). Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772: Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:12:48.126Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-w573-9ffj-6ff9",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: Unix-socket fd receive leaks descriptors when peer sends two at once"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45536",
    "datePublished": "2026-06-12T14:12:48.126Z",
    "dateReserved": "2026-05-12T17:48:47.878Z",
    "dateUpdated": "2026-06-12T15:05:36.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45673 (GCVE-0-2026-45673)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:16 – Updated: 2026-06-12 16:05

Title

Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-330 - Use of Insufficiently Random Values
CWE-340 - Generation of Predictable Numbers or Identifiers

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T16:05:23.161156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T16:05:32.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty\u0027s DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:16:03.968Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-xmv7-r254-6q78",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45673",
    "datePublished": "2026-06-12T14:16:03.968Z",
    "dateReserved": "2026-05-12T21:59:25.666Z",
    "dateUpdated": "2026-06-12T16:05:32.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45674 (GCVE-0-2026-45674)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:17 – Updated: 2026-06-16 13:17

Title

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45674",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-13T03:56:02.852513Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T13:17:42.663Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty\u0027s DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:17:50.203Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-676x-f7gg-47vc",
        "discovery": "UNKNOWN"
      },
      "title": "Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45674",
    "datePublished": "2026-06-12T14:17:50.203Z",
    "dateReserved": "2026-05-12T21:59:25.666Z",
    "dateUpdated": "2026-06-16T13:17:42.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1814

CVE-2026-44249 (GCVE-0-2026-44249)

CVE-2026-44250 (GCVE-0-2026-44250)

CVE-2026-44890 (GCVE-0-2026-44890)

CVE-2026-44892 (GCVE-0-2026-44892)

CVE-2026-44893 (GCVE-0-2026-44893)

CVE-2026-44894 (GCVE-0-2026-44894)

CVE-2026-45416 (GCVE-0-2026-45416)

CVE-2026-45536 (GCVE-0-2026-45536)

CVE-2026-45673 (GCVE-0-2026-45673)

CVE-2026-45674 (GCVE-0-2026-45674)

Tags

Sightings

Nomenclature