
netty — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting netty. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Netty is an asynchronous event-driven network application framework primarily utilized for developing high-performance protocol servers and clients in Java. Its widespread adoption in enterprise infrastructure makes it a critical component for many distributed systems. Historically, vulnerabilities within the framework have predominantly involved denial-of-service conditions, memory leaks, and improper input validation leading to remote code execution. While cross-site scripting is less common due to its backend focus, privilege escalation risks exist when Netty components interact with untrusted data sources. Notable incidents often stem from misconfigured handlers or outdated versions failing to patch known buffer overflow issues. Security assessments frequently highlight the importance of keeping dependencies current, as the complexity of its event loop model can obscure subtle logic flaws. Developers must rigorously validate inputs and restrict resource allocation to mitigate the risk of exploitation, ensuring that the framework’s performance benefits do not compromise system integrity.

Found 19 results / 23

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41417 | Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri() — netty | CWE-93 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-33871 | Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass — netty | CWE-770 | 7.5 | - | 2026-03-27 |
| CVE-2026-33870 | Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing — netty | CWE-444 | 7.5 | High | 2026-03-27 |
| CVE-2025-67735 | Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder — netty | CWE-93 | 6.5 | Medium | 2025-12-16 |
| CVE-2025-59419 | Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery — netty | CWE-93 | 9.8 | - | 2025-10-15 |
| CVE-2025-58057 | Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack — netty | CWE-409 | 7.5 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-58056 | Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions — netty | CWE-444 | 7.4 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-55163 | Netty MadeYouReset HTTP/2 DDoS Vulnerability — netty | CWE-770 | 7.5 (AI) | High (AI) | 2025-08-13 |
| CVE-2025-25193 | Denial of Service attack on windows app using Netty — netty | CWE-400 | 5.5 | Medium | 2025-02-10 |
| CVE-2025-24970 | SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine — netty | CWE-20 | 7.5 | High | 2025-02-10 |
| CVE-2024-47535 | Denial of Service attack on windows app using Netty — netty | CWE-400 | 5.5 | Medium | 2024-11-12 |
| CVE-2024-29025 | Netty HttpPostRequestDecoder can OOM — netty | CWE-770 | 5.3 | Medium | 2024-03-25 |
| CVE-2023-34462 | netty-handler SniHandler 16MB allocation — netty | CWE-400 | 6.5 | Medium | 2023-06-22 |
| CVE-2022-41915 | Netty security vulnerability — netty | CWE-436 | 6.5 | Medium | 2022-12-13 |
| CVE-2022-41881 | Netty security vulnerability — netty | CWE-674 | 5.3 | Medium | 2022-12-12 |
| CVE-2022-24823 | Local Information Disclosure Vulnerability in io.netty:netty-codec-http — netty | CWE-668 | 5.5 | Medium | 2022-05-06 |
| CVE-2021-43797 | HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling — netty | CWE-444 | 6.5 | Medium | 2021-12-09 |
| CVE-2021-21409 | Possible request smuggling in HTTP/2 due missing validation of content-length — netty | CWE-444 | 5.9 | Medium | 2021-03-30 |
| CVE-2021-21290 | Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files — netty | CWE-378 | 6.2 | Medium | 2021-02-08 |

This page lists every published CVE security advisory associated with netty. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.