Logo
Retour à la veille

CVE-2026-44892

Publié : 12 juin 2026
Modifié : 12 juin 2026
Lien officiel NVD
Score CVSS
7.5
HIGH

Description détaillée

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default configuration allows a malicious client or server to send an enormous number of headers, leading to a memory exhaustion Denial of Service via an `OutOfMemoryError`. Version 4.2.15.Final contains a patch.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Références et Patchs

https://github.com/netty/netty/releases/tag/netty-4.2.15.Finalhttps://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2

Dernières Vulnérabilités

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

VOIR DÉTAILS

CVE-2026-11535

The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection.

VOIR DÉTAILS

CVE-2026-9271

Vulnerability Title

VOIR DÉTAILS