CVE-2026-45673— Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Possible ATT&CK Techniques 1AI
T1557 · Adversary-in-the-MiddleGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45673
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Source: NVD (National Vulnerability Database)
Vulnerability Description
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
Netty 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netty是Netty团队开源的一款非阻塞I/O客户端-服务器框架, 它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 4.1.135.Final之前版本和4.2.15.Final之前版本存在加密问题漏洞,该漏洞源于DNS解析器使用可预测的PRNG生成DNS事务ID并默认使用静态UDP源端口,降低了DNS查询的熵,可能导致DNS缓存投毒。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45673
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45673
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-45673 (1)
Vendor Pages for CVE-2026-45673 (2)
Same Patch Batch · netty · 2026-06-12 · 19 CVEs total
| CVE-2026-47691 | 8.7 HIGH | Netty has Insufficient Bailiwick Validation for NS Records |
| CVE-2026-45674 | 8.7 HIGH | Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records |
| CVE-2026-50010 | 7.5 HIGH | Netty's wrapping plain trust manager silently disables hostname verification |
| CVE-2026-44892 | 7.5 HIGH | Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounde |
| CVE-2026-44894 | 7.5 HIGH | Netty's Default QUIC token handler accepts any client-supplied token |
| CVE-2026-44893 | 7.5 HIGH | Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length |
| CVE-2026-46340 | 7.5 HIGH | Netty: SCTP reassembly nests buffers without bound |
| CVE-2026-50011 | 7.5 HIGH | Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length |
| CVE-2026-48748 | 7.5 HIGH | Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion |
| CVE-2026-45416 | 7.5 HIGH | Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes |
| CVE-2026-48043 | 5.3 MEDIUM | netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Lea |
| CVE-2026-50020 | 5.3 MEDIUM | Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRL |
| CVE-2026-47244 | 5.3 MEDIUM | Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced |
| CVE-2026-50009 | 4.8 MEDIUM | Netty QUIC stateless reset token material exposed through header-visible connection IDs |
| CVE-2026-45536 | 4.0 MEDIUM | Netty: Unix-socket fd receive leaks descriptors when peer sends two at once |
| CVE-2026-50560 | Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature | |
| CVE-2026-48006 | Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator | |
| CVE-2026-48059 | Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memo |
IV. Related Vulnerabilities
Same product: netty
- CVE-2026-50560
Netty susceptible to HTTP/2 Reset Attack with different on-t - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-50011
Netty has unbounded pre-allocation in RedisArrayAggregator f - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50009
Netty QUIC stateless reset token material exposed through he
Same vendor: netty
- CVE-2026-50560
Netty susceptible to HTTP/2 Reset Attack with different on-t - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-50011
Netty has unbounded pre-allocation in RedisArrayAggregator f - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50009
Netty QUIC stateless reset token material exposed through he
Same weakness: CWE-330
- CVE-2026-41701
In Spring AMQP sequential correlation IDs enable reply poiso - CVE-2026-41838
Spring Framework Predictable Session ID in WebSocket Module - CVE-2026-41207
netty-incubator-codec-ohttp's HPKEContext operations may pro - CVE-2026-50208
Permissive TrustAllCerts TLS Verification - CVE-2026-44054
Predictable afpd session token
V. Comments for CVE-2026-45673
No comments yet