CVE-2025-55163

High CVSS: 8.2

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

Vendor

Netty

Product

Netty

CWE

CWE-770

Yayın Tarihi

2025-08-13 15:15:39

Güncelleme

2025-11-04 22:16:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Netty HIGH Netty 2025

Referanslar

https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4 http://www.openwall.com/lists/oss-security/2025/08/16/1 https://www.kb.cert.org/vuls/id/767506

Benzer Kayıtlar

High

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Fina…

High

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Fina…

Medium

CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final…

Medium

CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan…

Low

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance pro…

High

CVE-2025-24970

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final…