CVE-2026-42580
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low
Description
AI Translation Available
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 7 Days)
190
Integer Overflow or Wraparound
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Memory)
Dos: Instability
Modify Memory
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Alter Execution Logic
Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages:
Not Language-Specific, C
444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Non-Repudiation
Access Control
Potential Impacts:
Unexpected State
Hide Activities
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Netty by Netty
Version Range Affected
From
4.2.0
(inclusive)
To
4.2.13
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Netty by Netty
Version Range Affected
To
4.1.133
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723
https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723