CNNVD-202509-235 Information
CNNVD ID
CNNVD-202509-235
Related CVE
-
CNNVD Published: 2025-09-03
Description (Chinese)
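Netty is a non-blocking I/O client-server framework from the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty version 4.1.124.Final and versions 4.2.0.Alpha3 through 4.2.4.Final contain an environment issue vulnerability. The vulnerability stems from incorrect parsing of newline characters and may lead to HTTP request smuggling attacks.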
Description (English)
Netty is a non-blocking I/O client-server framework from the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty version 4.1.124.Final and versions 4.2.0.Alpha3 through 4.2.4.Final contain an environment issue vulnerability that stems from incorrect parsing of newline characters and may lead to HTTP request smuggling attacks.
Hazard Level
Medium
Vulnerability Type
Environment issue
Affected Vendor
Netty
Published
2025-09-03
Last Modified
2026-02-24
References
https://w4ke.info/2025/06/18/funky-chunks.html
https://github.com/JLLeitschuh/unCVEed/issues/1
https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding
https://github.com/netty/netty/pull/15611
https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
https://github.com/netty/netty/issues/15522
https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284
https://vigilance.fr/vulnerability/Netty-header-injection-via-Standalone-Newline-Characters-48175