pkg:Debian/netty

共 52 筆 CVECRITICAL5HIGH24MEDIUM22

✅ 檢查你的版本

所有已知漏洞

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0, < 1:4.1.48-4+deb11u2
  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0, < 1:4.1.33-1+deb10u4
  • CRITICAL9.1CVE-2019-20444netty - security update
    from 0, < 1:4.1.7-2+deb9u2
  • CRITICAL9.1CVE-2019-20444netty - security update
    from 0, < 1:4.1.45-1
  • CRITICAL9.1CVE-2019-20444netty - security update
    from 0, < 1:4.1.33-1+deb10u2
  • CRITICAL9.1CVE-2019-20444netty - security update
    from 0, < 1:3.2.6.Final-2+deb8u2
  • CRITICAL9.1CVE-2019-20445HTTP Request Smuggling in Netty
    from 0, < 1:4.1.45-1
  • HIGH7.5CVE-2026-42587Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
    from 0
  • HIGH7.5CVE-2026-42583Netty Lz4FrameDecoder is vulnerable to resource exhaustion
    from 0
  • HIGH7.5CVE-2026-42582Netty HTTP/3 QPACK literal unbounded allocation
    from 0
  • HIGH7.5CVE-2026-42579Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
    from 0
  • HIGH7.5CVE-2026-42578Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
    from 0
  • HIGH7.5CVE-2026-42577Netty epoll transport denial of service via RST on half-closed TCP connection
    from 0
  • HIGH7.5CVE-2026-33871Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
    from 0
  • HIGH7.5CVE-2026-33870Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
    from 0
  • HIGH7.5CVE-2025-58056Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
    from 0, < 1:4.1.48-4+deb11u3
  • HIGH7.5CVE-2025-58057Netty's decoders vulnerable to DoS via zip bomb style attack
    from 0, < 1:4.1.48-4+deb11u3
  • HIGH7.5CVE-2025-55163netty - security update
    from 0, < 1:4.1.48-4+deb11u3
  • HIGH7.5CVE-2025-55163netty - security update
    from 0, < 1:4.1.48-7+deb12u2
  • HIGH7.5CVE-2016-4970Loop with Unreachable Exit Condition in Netty
    from 0, < 1:4.0.37-1
  • HIGH7.5CVE-2021-37137SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
    from 0, < 1:4.1.48-4+deb11u1
  • HIGH7.5CVE-2021-37136Bzip2Decoder doesn't allow setting size restrictions for decompressed data
    from 0, < 1:4.1.48-4+deb11u1
  • HIGH7.5CVE-2021-37136Bzip2Decoder doesn't allow setting size restrictions for decompressed data
    from 0, < 1:4.1.33-1+deb10u3
  • HIGH7.5CVE-2021-37136Bzip2Decoder doesn't allow setting size restrictions for decompressed data
    from 0, < 1:4.1.48-4+deb11u1
  • HIGH7.5CVE-2015-2156Information Exposure in Netty
    from 0, < 1:4.0.31-1
  • HIGH7.5CVE-2020-11612Denial of Service in Netty
    from 0, < 1:4.1.48-1
  • HIGH7.5CVE-2020-7238HTTP Request Smuggling in Netty
    from 0, < 1:4.1.45-1
  • HIGH7.5CVE-2019-16869netty - security update
    from 0, < 1:3.2.6.Final-2+deb8u1
  • HIGH7.5CVE-2019-16869netty - security update
    from 0, < 1:4.1.7-2+deb9u1
  • HIGH7.5CVE-2019-16869netty - security update
    from 0, < 1:4.1.33-2
  • HIGH7.3CVE-2026-42584Netty has HttpClientCodec response desynchronization
    from 0
  • MEDIUM6.8CVE-2026-42586Netty Redis Codec Encoder has a CRLF Injection Issue
    from 0
  • MEDIUM6.5CVE-2026-42585Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
    from 0
  • MEDIUM6.5CVE-2026-42580Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
    from 0
  • MEDIUM6.5CVE-2025-67735Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
    from 0, < 1:4.1.48-4+deb11u3
  • MEDIUM6.5CVE-2023-34462netty - security update
    from 0, < 1:4.1.48-4+deb11u2
  • MEDIUM6.5CVE-2023-34462netty - security update
    from 0, < 1:4.1.48-4+deb11u2
  • MEDIUM6.5CVE-2022-41915Netty vulnerable to HTTP Response splitting from assigning header value iterator
    from 0, < 1:4.1.48-4+deb11u1
  • MEDIUM6.5CVE-2021-43797HTTP request smuggling in netty
    from 0, < 1:4.1.48-4+deb11u1
  • MEDIUM6.2CVE-2021-21290Local Information Disclosure Vulnerability in Netty on Unix-Like systems
    from 0, < 1:4.1.48-2
  • MEDIUM6.2CVE-2021-21290Local Information Disclosure Vulnerability in Netty on Unix-Like systems
    from 0, < 1:4.1.7-2+deb9u3
  • MEDIUM5.9CVE-2021-21409Possible request smuggling in HTTP/2 due missing validation of content-length
    from 0, < 1:4.1.48-4
  • MEDIUM5.9CVE-2021-21295Possible request smuggling in HTTP/2 due missing validation
    from 0, < 1:4.1.48-3
  • MEDIUM5.8CVE-2026-42581Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
    from 0
  • MEDIUM5.5CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http
    from 0
  • MEDIUM5.3CVE-2026-44248Netty MQTT: Resource exhaustion in MqttDecoder
    from 0
  • MEDIUM5.3CVE-2026-41417Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
    from 0
  • MEDIUM5.3CVE-2024-29025netty - security update
    from 0, < 1:4.1.33-1+deb10u5
  • MEDIUM5.3CVE-2024-29025netty - security update
    from 0, < 1:4.1.48-4+deb11u3
  • MEDIUM5.3CVE-2024-29025netty - security update
    from 0, < 1:4.1.48-4+deb11u3
  • MEDIUM5.3CVE-2022-41881HAProxyMessageDecoder Stack Exhaustion DoS
    from 0, < 1:4.1.48-4+deb11u1
  • CVE-2025-59419Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
    from 0, < 1:4.1.48-4+deb11u3
Debian/netty — 52 CVEs · VulnScope