目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1310 CNY

100%
コーヒーを一杯おごる

CVE-2026-48006— RedisArrayAggregator 字节缓冲池泄露漏洞

AI Predicted 7.5 Difficulty: Easy EPSS 0.04% · P12

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 2

ベンダープロダクトVersion Rangeステータス
nettynetty>= 4.2.0.Final, < 4.2.15.Finalaffected
< 4.1.135.Finalaffected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-48006の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
ソース: NVD (National Vulnerability Database)
脆弱性説明
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state (`depths` field) but defines no `channelInactive`, `handlerRemoved`, or `exceptionCaught` method to release them when the pipeline tears down. Because the leaked buffers are slices of `PooledByteBufAllocator` chunks, they prevent those chunks from being returned to the JVM-wide direct-memory pool. Repeated connection churn by any network peer monotonically drains this shared pool, eventually causing allocation failures on all Netty channels in the process. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
在移除最后引用时对内存的释放不恰当(内存泄露)
ソース: NVD (National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
nettynetty >= 4.2.0.Final, < 4.2.15.Final -

II. CVE-2026-48006の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-48006のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-48006 厂商安全公告 (1)

CVE-2026-48006 厂商页面 (2)

Same Patch Batch · netty · 2026-06-12 · 19 CVEs total

CVE-2026-456748.7 HIGHNetty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
CVE-2026-476918.7 HIGHNetty has Insufficient Bailiwick Validation for NS Records
CVE-2026-448927.5 HIGHNetty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounde
CVE-2026-448947.5 HIGHNetty's Default QUIC token handler accepts any client-supplied token
CVE-2026-448937.5 HIGHNetty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
CVE-2026-463407.5 HIGHNetty: SCTP reassembly nests buffers without bound
CVE-2026-500117.5 HIGHNetty has unbounded pre-allocation in RedisArrayAggregator from RESP array length
CVE-2026-500107.5 HIGHNetty's wrapping plain trust manager silently disables hostname verification
CVE-2026-487487.5 HIGHNetty HTTP/3 QPACK Blocked Streams Memory Exhaustion
CVE-2026-454167.5 HIGHNetty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
CVE-2026-456736.8 MEDIUMNetty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
CVE-2026-480435.3 MEDIUMnetty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Lea
CVE-2026-500205.3 MEDIUMNetty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRL
CVE-2026-472445.3 MEDIUMNetty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
CVE-2026-500094.8 MEDIUMNetty QUIC stateless reset token material exposed through header-visible connection IDs
CVE-2026-455364.0 MEDIUMNetty: Unix-socket fd receive leaks descriptors when peer sends two at once
CVE-2026-50560Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature
CVE-2026-48059Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memo

IV. 関連脆弱性

同じ製品: netty
同じベンダー: netty
同じ弱点: CWE-401

V. CVE-2026-48006へのコメント

まだコメントはありません

コメントを残す