Vulnerabilidades en netty
60 resultadosCVE-2026-41417MEDIUMNetty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()EPSS 0.3%CVE-2026-50560MEDIUMNetty susceptible to HTTP/2 Reset Attack with different on-the-wire signatureEPSS 0.3%CVE-2026-48748HIGHNetty HTTP/3 QPACK Blocked Streams Memory ExhaustionEPSS 0.3%CVE-2026-47244MEDIUMNetty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforcedEPSS 0.3%CVE-2025-67735MEDIUMNetty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoderEPSS 0.3%CVE-2026-44892HIGHNetty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header SizeEPSS 0.3%CVE-2024-36121MEDIUM netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats NoncesEPSS 0.3%CVE-2026-45673MEDIUMNetty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source PortEPSS 0.3%CVE-2026-42585MEDIUMNetty: HTTP Request Smuggling due to malformed Transfer-EncodingEPSS 0.2%CVE-2026-50020MEDIUMNetty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permittedEPSS 0.2%CVE-2026-47691HIGHNetty has Insufficient Bailiwick Validation for NS RecordsEPSS 0.2%CVE-2026-50009MEDIUMNetty QUIC stateless reset token material exposed through header-visible connection IDsEPSS 0.2%CVE-2026-42586MEDIUMNetty: CRLF Injection in Netty Redis Codec EncoderEPSS 0.2%CVE-2026-50010HIGHNetty's wrapping plain trust manager silently disables hostname verificationEPSS 0.2%CVE-2026-41207MEDIUMnetty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failuresEPSS 0.2%CVE-2026-48040MEDIUMnetty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory AccessEPSS 0.2%CVE-2026-44894HIGHNetty's Default QUIC token handler accepts any client-supplied tokenEPSS 0.2%CVE-2026-48480MEDIUMnetty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream TruncationEPSS 0.2%CVE-2026-45674HIGHNetty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME RecordsEPSS 0.2%CVE-2026-45536MEDIUMNetty: Unix-socket fd receive leaks descriptors when peer sends two at onceEPSS 0.1%