Known Vulnerabilities for products from Netty

Listed below are 19 of the newest known vulnerabilities associated with the vendor "Netty".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-33871	Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a ...	Not Provided	2026-03-27	2026-03-30
CVE-2026-33870	Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Ne...	Not Provided	2026-03-27	2026-03-30
CVE-2022-24823	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.5 - MEDIUM	2022-05-06	2022-12-03
CVE-2021-43797	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.5 - MEDIUM	2021-12-09	2023-02-24
CVE-2021-37137	The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it ...	7.5 - HIGH	2021-10-19	2023-11-07
CVE-2021-37136	The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affec...	7.5 - HIGH	2021-10-19	2023-11-07
CVE-2021-21409	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p...	5.9 - MEDIUM	2021-03-30	2023-11-07
CVE-2021-21295	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p...	5.9 - MEDIUM	2021-03-09	2023-11-07
CVE-2021-21290	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p...	5.5 - MEDIUM	2021-02-08	2023-11-07
CVE-2020-11612	The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream....	7.5 - HIGH	2020-04-07	2023-11-07
CVE-2020-7238	Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfe...	7.5 - HIGH	2020-01-27	2023-11-07
CVE-2019-20445	HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length hea...	9.1 - CRITICAL	2020-01-29	2023-11-07
CVE-2019-20444	HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separ...	9.1 - CRITICAL	2020-01-29	2023-11-07
CVE-2019-16869	Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" lin...	7.5 - HIGH	2019-09-26	2023-11-07
CVE-2017-5645	In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from...	9.8 - CRITICAL	2017-04-17	2023-11-07
CVE-2016-4970	handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cau...	7.5 - HIGH	2017-04-13	2023-11-07
CVE-2015-2156	Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framew...	7.5 - HIGH	2017-10-18	2023-11-07
CVE-2014-3488	The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption)...	5 - MEDIUM	2014-07-31	2020-02-19
CVE-2014-0193	WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x be...	5 - MEDIUM	2014-05-06	2023-02-13

Known software with vulnerabilities from Netty

Type	Vendor	Product	Version
Application	Netty	Netty	3.2.4