CVE-2026-46340— Netty 资源管理错误漏洞
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of Service新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-46340の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Netty: SCTP reassembly nests buffers without bound
ソース: NVD (National Vulnerability Database)
脆弱性説明
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does `fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf))`, wrapping the previous accumulator and the new slice into a *new* CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding references and component arrays; readableBytes()/getBytes() on the final buffer recurse N levels. There is no limit on N, on total bytes, or on the number of streamIdentifiers an attacker can open (each gets its own map entry). A peer that never sets the `complete` flag can grow this structure indefinitely from tiny 1-byte DATA chunks. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
不加限制或调节的资源分配
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Netty 资源管理错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Netty是Netty团队开源的一款非阻塞I/O客户端-服务器框架, 它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 4.1.135.Final之前版本和4.2.15.Final之前版本存在资源管理错误漏洞,该漏洞源于对SctpMessage片段处理不当,可能导致攻击者通过构造大量非完整的SctpMessage片段来无限制地增长CompositeByteBuf结构,从而造成拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2026-46340の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
Qwen3.6-35B-A3B · 9244 文字数
Pro+限定の内容:
脆弱性再現の録画(実際のサンドボックス構築 + トリガー、限定)
脆弱性の原理を深く分析
トリガー条件と影響範囲
完全な実行可能POCコード
攻撃チェーンと緩和策の提案
POCパッケージのダウンロード
月間100件以上のAI生成枠
III. CVE-2026-46340のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-46340 厂商安全公告 (1)
CVE-2026-46340 厂商页面 (2)
Same Patch Batch · netty · 2026-06-12 · 19 CVEs total
| CVE-2026-45674 | 8.7 HIGH | Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records |
| CVE-2026-47691 | 8.7 HIGH | Netty has Insufficient Bailiwick Validation for NS Records |
| CVE-2026-44892 | 7.5 HIGH | Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounde |
| CVE-2026-44894 | 7.5 HIGH | Netty's Default QUIC token handler accepts any client-supplied token |
| CVE-2026-44893 | 7.5 HIGH | Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length |
| CVE-2026-50011 | 7.5 HIGH | Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length |
| CVE-2026-50010 | 7.5 HIGH | Netty's wrapping plain trust manager silently disables hostname verification |
| CVE-2026-48748 | 7.5 HIGH | Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion |
| CVE-2026-45416 | 7.5 HIGH | Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes |
| CVE-2026-45673 | 6.8 MEDIUM | Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port |
| CVE-2026-48043 | 5.3 MEDIUM | netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Lea |
| CVE-2026-47244 | 5.3 MEDIUM | Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced |
| CVE-2026-50020 | 5.3 MEDIUM | Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRL |
| CVE-2026-50009 | 4.8 MEDIUM | Netty QUIC stateless reset token material exposed through header-visible connection IDs |
| CVE-2026-45536 | 4.0 MEDIUM | Netty: Unix-socket fd receive leaks descriptors when peer sends two at once |
| CVE-2026-48006 | Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator | |
| CVE-2026-48059 | Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memo | |
| CVE-2026-50560 | Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature |
IV. 関連脆弱性
同じ製品: netty
- CVE-2026-50560
Netty susceptible to HTTP/2 Reset Attack with different on-t - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-50011
Netty has unbounded pre-allocation in RedisArrayAggregator f - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50009
Netty QUIC stateless reset token material exposed through he
同じベンダー: netty
- CVE-2026-50560
Netty susceptible to HTTP/2 Reset Attack with different on-t - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-50011
Netty has unbounded pre-allocation in RedisArrayAggregator f - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50009
Netty QUIC stateless reset token material exposed through he
同じ弱点: CWE-770
- CVE-2026-49337
libde265 has an unbounded memory leak via orphaned slice hea - CVE-2025-7737
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual - CVE-2026-55205
Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenti - CVE-2026-27869
WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REG - CVE-2026-48854
Unbounded request body accumulation causes memory exhaustion
V. CVE-2026-46340へのコメント
まだコメントはありません