Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

netty — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting netty. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by netty:nettynetty-incubator-codec-ohttpio.netty:netty-codec-http2netty-incubator-codec-quic
CVE IDTitleCVSSSeverityPublished
CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass — nettyCWE-770 7.5 -2026-03-27
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing — nettyCWE-444 7.5 High2026-03-27
CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder — nettyCWE-93 6.5 Medium2025-12-16
CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery — nettyCWE-93 9.8 -2025-10-15
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack — nettyCWE-409 7.5AIHighAI2025-09-03
CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions — nettyCWE-444 7.4AIHighAI2025-09-03
CVE-2025-55163 Netty MadeYouReset HTTP/2 DDoS Vulnerability — nettyCWE-770 7.5AIHighAI2025-08-13
CVE-2025-29908 Netty QUIC hash collision DoS attack — netty-incubator-codec-quicCWE-407 5.3 Medium2025-03-31
CVE-2025-25193 Denial of Service attack on windows app using Netty — nettyCWE-400 5.5 Medium2025-02-10
CVE-2025-24970 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine — nettyCWE-20 7.5 High2025-02-10
CVE-2024-47535 Denial of Service attack on windows app using Netty — nettyCWE-400 5.5 Medium2024-11-12
CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp — netty-incubator-codec-ohttpCWE-20 8.1 High2024-07-18
CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces — netty-incubator-codec-ohttpCWE-200 5.9 Medium2024-06-04
CVE-2024-29025 Netty HttpPostRequestDecoder can OOM — nettyCWE-770 5.3 Medium2024-03-25
CVE-2023-34462 netty-handler SniHandler 16MB allocation — nettyCWE-400 6.5 Medium2023-06-22
CVE-2022-41915 Netty 安全漏洞 — nettyCWE-436 6.5 Medium2022-12-13
CVE-2022-41881 Netty 安全漏洞 — nettyCWE-674 5.3 Medium2022-12-12
CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http — nettyCWE-668 5.5 Medium2022-05-06
CVE-2021-43797 HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling — nettyCWE-444 6.5 Medium2021-12-09
CVE-2021-21409 Possible request smuggling in HTTP/2 due missing validation of content-length — nettyCWE-444 5.9 Medium2021-03-30
CVE-2021-21295 Possible request smuggling in HTTP/2 due missing validation — io.netty:netty-codec-http2CWE-444 5.9 Medium2021-03-09
CVE-2021-21290 Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files — nettyCWE-378 6.2 Medium2021-02-08

This page lists every published CVE security advisory associated with netty. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.