CNNVD-202509-677 Information

CNNVD ID

CNNVD-202509-677

CVE-2025-58057

  • CNNVD Published: 2025-09-04

Description

Netty is a non-blocking I/O client-server framework from the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty 4.1.124.Final and earlier and 4.2.4.Final and earlier contain a security vulnerability: BrotliDecoder and other decompression decoders allocate a large number of reachable byte buffers when processing specially crafted input, which may lead to denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Netty

Published

2025-09-04

Last Modified

2026-02-24

References

  • https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d
  • https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj
  • https://www.oracle.com/security-alerts/cpuoct2025.html
  • https://vigilance.fr/vulnerability/Netty-overload-via-BrotliDecoder-48176
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://netty.io/
