Back to CVE List

CVE-2026-42580

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Vulnerability Description

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-190
Source
GitHub
Vendor
maven
Product
io.netty:netty-codec-http

External References

Discussion (0)

Add Comment

No comments yet. Be the first!