Known Vulnerabilities for products from Netty
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Netty".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33871 json | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a ... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-33870 json | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Ne... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2023-44487 json | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-34462 json | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance pr... | 6.5 - MEDIUM | 2023-06-22 | 2023-11-18 |
| CVE-2023-4586 json | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname va... | 7.4 - HIGH | 2023-10-04 | 2023-12-06 |
| CVE-2022-41915 json | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.... | 6.5 - MEDIUM | 2022-12-13 | 2023-03-01 |
| CVE-2022-41881 json | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverfl... | 7.5 - HIGH | 2022-12-12 | 2023-03-01 |
| CVE-2022-24823 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2022-05-06 | 2022-12-03 |
| CVE-2021-43797 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2021-12-09 | 2023-02-24 |
| CVE-2021-37137 json | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it ... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
| CVE-2021-37136 json | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affec... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
| CVE-2021-21409 json | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-30 | 2023-11-07 |
| CVE-2021-21295 json | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-09 | 2023-11-07 |
| CVE-2021-21290 json | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.5 - MEDIUM | 2021-02-08 | 2023-11-07 |
| CVE-2020-11612 json | The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream.... | 7.5 - HIGH | 2020-04-07 | 2023-11-07 |
| CVE-2020-7238 json | Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfe... | 7.5 - HIGH | 2020-01-27 | 2023-11-07 |
| CVE-2019-20445 json | HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length hea... | 9.1 - CRITICAL | 2020-01-29 | 2023-11-07 |
| CVE-2019-20444 json | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separ... | 9.1 - CRITICAL | 2020-01-29 | 2023-11-07 |
| CVE-2019-16869 json | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" lin... | 7.5 - HIGH | 2019-09-26 | 2023-11-07 |
| CVE-2017-5645 json | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from... | 9.8 - CRITICAL | 2017-04-17 | 2023-11-07 |
Known software with vulnerabilities from Netty
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Netty | Netty | 3.10.0 |