CNNVD-202508-1386 Information

CNNVD ID

CNNVD-202508-1386

CVE-2025-55163

  • CNNVD Published: 2025-08-13

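Description (translated from Chinese)

Netty is a non-blocking I/O client-server framework from the Netty community, used mainly for developing Java network applications such as protocol servers and clients. Versions of Netty before 4.1.124.Final and 4.2.4.Final contain a security vulnerability that stems from an HTTP/2 protocol logic flaw and may lead to resource exhaustion and distributed denial-of-service attacks.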

Description (English)

Netty is a non-blocking I/O client-server framework maintained by the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty versions before 4.1.124.Final and 4.2.4.Final have a security vulnerability caused by a logic flaw in the HTTP/2 protocol, which could lead to resource exhaustion and distributed denial-of-service attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Netty

Published

2025-08-13

Last Modified

2026-02-24

References

https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
https://vigilance.fr/vulnerability/Netty-overload-via-HTTP-2-Made-You-Reset-Attack-48134
https://www.oracle.com/security-alerts/cpuoct2025.html
https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://github.com/netty/netty/tags
