CVE-2026-42580
published 2026-05-13CVE-2026-42580: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows…
medium6.5CVSS 3.1
AVNACLPRNUINSUCNILAL
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| candlepinproject | candlepin | — | — |
| devspaces | multicluster-redirector-rhel9 | — | — |
| devspaces | openvsx-rhel9 | — | — |
| devspaces | pluginregistry-rhel9 | — | — |
| devspaces | server-rhel9 | — | — |
| io.netty | netty-codec-http | < 4.1.133.Final | 4.1.133.Final |
| io.netty | netty-codec-http | — | — |
| io.netty | netty-codec-http | — | — |
| netty | netty | < 4.1.133.Final | 4.1.133.Final |
| netty | netty | < 4.1.133 | 4.1.133 |
| netty | netty | — | — |
| netty | netty | >= 4.2.0 < 4.2.13 | 4.2.13 |
| openshift-serverless-1 | kn-ekb-dispatcher-rhel9 | — | — |
| openshift-serverless-1 | kn-ekb-receiver-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-ddb-streams-source-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-s3-sink-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-s3-source-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-sns-sink-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-sqs-sink-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-aws-sqs-source-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-log-sink-rhel9 | — | — |
| openshift-serverless-1 | kn-eventing-integrations-timer-source-rhel9 | — | — |
| rhbk-openshift-rhel9 | rhbk-openshift-rhel9 | — | — |
| rhbk-rhel9-operator | rhbk-rhel9-operator | — | — |
| rhbk | keycloak-rhel9 | — | — |