OESA-2023-1906 — Vulnetix

OESA-2023-1906 PUBLISHED

Asynchronous event-driven network application Java framework. Security Fix(es): Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.(CVE-2022-41881)

Affected Products

Vendor	Product	Versions
openEuler:22.03-LTS	netty	0, 0

Timeline

Dec 15, 2023 CVE Published
Sep 3, 2025 CVE Updated
May 2, 2026 Security Advisory

References

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1906 advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-41881 advisory

Open in Interactive Console →