VIR Vulnerability Intelligence Relay

Package impact

java Maven / io.netty:netty-codec-http2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42587 high 7.5 7.5 15d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS susedebianjava
CVE-2021-21409 medium 5.5 5y ago Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http… suserockylinuxdebianjava
CVE-2021-21295 medium 5.5 5y ago Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http… suserockylinuxdebianjava
CVE-2026-33871 unknown 2mo ago Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 s… susedebianjava
CVE-2025-55163 unknown 10mo ago Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the… susedebianjava