Vulnerabilities > Netty > Netty > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-06-22 CVE-2023-34462 Resource Exhaustion vulnerability in Netty
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty CWE-400
6.5
2022-12-12 CVE-2022-41881 Uncontrolled Recursion vulnerability in multiple products
Netty project is an event-driven asynchronous network application framework.
network
low complexity
netty debian CWE-674
7.5
2022-05-06 CVE-2022-24823 Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework.
local
low complexity
netty oracle netapp CWE-379
5.5
2021-12-09 CVE-2021-43797 HTTP Request Smuggling vulnerability in multiple products
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian CWE-444
6.5
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-03-30 CVE-2021-21409 HTTP Request Smuggling vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty debian netapp oracle quarkus CWE-444
5.9
2021-03-09 CVE-2021-21295 HTTP Request Smuggling vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty netapp debian quarkus apache oracle CWE-444
5.9
2021-02-08 CVE-2021-21290 Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp CWE-379
5.5