netty netty vulnerabilities and exploits

(subscribe to this query)

The SslHandler in Netty prior to 3.9.2 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Netty Netty Netty Netty 3.6.0 Netty Netty 3.6.1 Netty Netty 3.6.2 Netty Netty 3.6.3 Netty Netty 3.6.4 Netty Netty 3.6.5 Netty Netty 3.6.6 Netty Netty 3.6.7 Netty Netty 3.6.8 Netty Netty 3.7.0 Netty Netty 3.8.0

1 Github repository

Netty prior to 3.9.8.Final, 3.10.x prior to 3.10.3.Final, 4.0.x prior to 4.0.28.Final, and 4.1.x prior to 4.1.0.Beta5 and Play Framework 2.x prior to 2.3.9 might allow remote malicious users to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging imp...

Netty Netty Netty Netty 3.10.0 Netty Netty 3.10.1 Netty Netty 3.10.2 Netty Netty 4.0.0 Netty Netty 4.0.1 Netty Netty 4.0.2 Netty Netty 4.0.3 Netty Netty 4.0.4 Netty Netty 4.0.5 Netty Netty 4.0.6 Netty Netty 4.0.7

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel d...

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate error...

Netty Netty-incubator-codec-ohttp

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

Pivotal Reactor Netty 0.9.3 Pivotal Reactor Netty 0.9.4

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and before 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values i...

Netty Netty Debian Debian Linux 10.0 Debian Debian Linux 11.0

Netty project is an event-driven asynchronous network application framework. In versions before 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no worka...

Netty Netty Debian Debian Linux 10.0 Debian Debian Linux 11.0

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in al...

1 Github repository

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts...

1 Github repository

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is...

Pivotal Reactor Netty

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook