CVE-2024-47535 — Uncontrolled Resource Consumption in Netty
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.5% (top 35.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 12
Latest update: Apr 15
Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe read of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates that file and makes it large, the Netty application crashes. This vulnerability is fixed in 4.1.115.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 3 packages
Patches
Vulnerability Details (6)
OSV: CVE-2025-25193: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4 (2025-02-10)
OSV: CVE-2024-47535: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients (2024-11-12)
Vendor Advisories (6)
Oracle: Oracle Hospitality Applications Risk Matrix: Next-Gen SPMS (Netty) — CVE-2024-47535 (2025-04-15)
Oracle: Oracle Communications Applications Risk Matrix: Solution Designer (Netty) — CVE-2024-47535 (2025-01-15)
Debian: CVE-2025-25193: netty - Netty, an asynchronous, event-driven network application framework, has a vulner... (2025)