Package impact

java Maven / io.netty:netty-codec-http

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42581 | critical | 9.8 | 9.8 | 15d ago | Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | suse, debian, java |
| CVE-2026-42584 | critical | 9.1 | 9.1 | 15d ago | Netty has HttpClientCodec response desynchronization | suse, debian, java |
| CVE-2026-42587 | high | 7.5 | 7.5 | 15d ago | Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS | suse, debian, java |
| CVE-2026-42585 | high | 7.5 | 7.5 | 15d ago | Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding | suse, debian, java |
| CVE-2026-42580 | medium | 6.5 | 6.5 | 15d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing | suse, debian, java |
| CVE-2021-43797 | medium | 5.5 | | 5y ago | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips contro… | suse, rockylinux, debian, java |
| CVE-2021-21290 | medium | 5.5 | | 5y ago | Local Information Disclosure Vulnerability in Netty on Unix-Like systems | suse, rockylinux, debian, java |
| CVE-2026-41417 | medium | 5.3 | 5.3 | 22d ago | Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection | suse, debian, java |
| CVE-2026-33870 | unknown | | | 2mo ago | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encodin… | suse, debian, java |
| CVE-2025-67735 | unknown | | | 5mo ago | Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder | suse, debian, java |
| CVE-2025-58056 | unknown | | | 9mo ago | Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through … | debian, java |
| CVE-2024-29025 | unknown | | | 2y ago | Netty's HttpPostRequestDecoder can OOM | suse, debian, java |
| CVE-2022-41915 | unknown | | | 4y ago | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of va… | suse, debian, java |
| CVE-2022-24823 | unknown | | | 4y ago | Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290… | suse, debian, java |
| CVE-2019-20444 | unknown | | | 6y ago | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invali… | suse, debian, java |