from 0, < 1:4.1.33-1+deb10u4
from 0, < 1:4.1.48-4+deb11u2
CRITICAL9.1netty - security update
from 0, < 1:4.1.7-2+deb9u2
CRITICAL9.1netty - security update
from 0, < 1:4.1.45-1
CRITICAL9.1netty - security update
from 0, < 1:4.1.33-1+deb10u2
CRITICAL9.1netty - security update
from 0, < 1:3.2.6.Final-2+deb8u2
CRITICAL9.1HTTP Request Smuggling in Netty
from 0, < 1:4.1.45-1
HIGH8.7Netty has Insufficient Bailiwick Validation for NS Records
from 0
HIGH8.7Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
from 0
HIGH8.1Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
from 0
HIGH7.5Netty is a network application framework for development of protocol servers and clients.
from 0
HIGH7.5Netty is a network application framework for development of protocol servers and clients.
from 0
HIGH7.5Netty is a network application framework for development of protocol servers and clients.
from 0
HIGH7.5Netty: SCTP reassembly nests buffers without bound
from 0
HIGH7.5Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
from 0
HIGH7.5Netty's Default QUIC token handler accepts any client-supplied token
from 0
HIGH7.5Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
from 0
HIGH7.5Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
from 0
HIGH7.5Netty has Unbounded Direct Memory Consumption in its RedisDecoder
from 0
HIGH7.5Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
from 0
HIGH7.5Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
from 0
HIGH7.5Netty Lz4FrameDecoder is vulnerable to resource exhaustion
from 0
HIGH7.5Netty HTTP/3 QPACK literal unbounded allocation
from 0
HIGH7.5Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
from 0
HIGH7.5Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
from 0
HIGH7.5Netty epoll transport denial of service via RST on half-closed TCP connection
from 0
HIGH7.5Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
from 0
HIGH7.5Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
from 0
HIGH7.5Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
from 0, < 1:4.1.48-4+deb11u3
HIGH7.5Netty's decoders vulnerable to DoS via zip bomb style attack
from 0, < 1:4.1.48-4+deb11u3
HIGH7.5netty - security update
from 0, < 1:4.1.48-7+deb12u2
HIGH7.5netty - security update
from 0, < 1:4.1.48-4+deb11u3
HIGH7.5Loop with Unreachable Exit Condition in Netty
from 0, < 1:4.0.37-1
HIGH7.5SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
from 0, < 1:4.1.48-4+deb11u1
HIGH7.5netty - security update
from 0, < 1:4.1.48-4+deb11u1
HIGH7.5netty - security update
from 0, < 1:4.1.48-4+deb11u1
HIGH7.5netty - security update
from 0, < 1:4.1.33-1+deb10u3
HIGH7.5Information Exposure in Netty
from 0, < 1:4.0.31-1
HIGH7.5Denial of Service in Netty
from 0, < 1:4.1.48-1
HIGH7.5HTTP Request Smuggling in Netty
from 0, < 1:4.1.45-1
HIGH7.5netty - security update
from 0, < 1:4.1.7-2+deb9u1
HIGH7.5netty - security update
from 0, < 1:4.1.33-2
HIGH7.5netty - security update
from 0, < 1:3.2.6.Final-2+deb8u1
HIGH7.3Netty has HttpClientCodec response desynchronization
from 0
MEDIUM6.9Netty is a network application framework for development of protocol servers and clients.
from 0
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
from 0
MEDIUM6.8Netty Redis Codec Encoder has a CRLF Injection Issue
from 0
MEDIUM6.5Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
from 0
MEDIUM6.5Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
from 0
MEDIUM6.5Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
from 0, < 1:4.1.48-4+deb11u3
MEDIUM6.5netty - security update
from 0, < 1:4.1.48-4+deb11u2
MEDIUM6.5netty - security update
from 0, < 1:4.1.48-4+deb11u2
MEDIUM6.5Netty vulnerable to HTTP Response splitting from assigning header value iterator
from 0, < 1:4.1.48-4+deb11u1
MEDIUM6.5HTTP request smuggling in netty
from 0, < 1:4.1.48-4+deb11u1
MEDIUM6.2netty - security update
from 0, < 1:4.1.7-2+deb9u3
MEDIUM6.2netty - security update
from 0, < 1:4.1.48-2
MEDIUM5.9Possible request smuggling in HTTP/2 due missing validation of content-length
from 0, < 1:4.1.48-4
MEDIUM5.9Possible request smuggling in HTTP/2 due missing validation
from 0, < 1:4.1.48-3
MEDIUM5.8Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
from 0
MEDIUM5.5Local Information Disclosure Vulnerability in io.netty:netty-codec-http
from 0
MEDIUM5.3Netty is a network application framework for development of protocol servers and clients.
from 0
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
from 0
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
from 0
MEDIUM5.3Netty MQTT: Resource exhaustion in MqttDecoder
from 0
MEDIUM5.3Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
from 0
MEDIUM5.3netty - security update
from 0, < 1:4.1.48-4+deb11u3
MEDIUM5.3netty - security update
from 0, < 1:4.1.33-1+deb10u5
MEDIUM5.3netty - security update
from 0, < 1:4.1.48-4+deb11u3
MEDIUM5.3HAProxyMessageDecoder Stack Exhaustion DoS
from 0, < 1:4.1.48-4+deb11u1
MEDIUM4.8Netty is a network application framework for development of protocol servers and clients.
from 0
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
from 0
—Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
from 0
—Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
from 0
—Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
from 0, < 1:4.1.48-4+deb11u3