VDB
DEBIAN-CVE-2026-42580
DEBIAN-CVE-2026-42580
PUBLISHED
CVSS 6.5 MEDIUM
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | netty | 4.1.48-13, 4.1.48-14, 4.1.48-15 |
| Debian:12 | netty | 4.1.48-14, 0, 4.1.48-10 |
| Debian:11 | netty | 4.1.48-9, 4.1.48-16, 4.1.48-4 |
| Debian:13 | netty | 4.1.48-16, 4.1.48-15, 4.1.48-14 |
Timeline
- May 13, 2026 CVE Published
- May 14, 2026 CVE Updated