Количество 8
Количество 8
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.
CVE-2025-58056
Netty is an asynchronous event-driven network application framework fo ...
GHSA-fghv-69vj-qj49
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
BDU:2025-12593
Уязвимость сетевого программного средства Netty, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять атаки с подменой HTTP-запросов
ROS-20251002-02
Множественные уязвимости netty
SUSE-SU-2025:03114-1
Security update for netty, netty-tcnative
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-58056 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-58056 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-58056 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-58056 Netty is an asynchronous event-driven network application framework fo ... | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| GHSA-fghv-69vj-qj49 Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions | 0% Низкий | около 1 месяца назад | |
 | BDU:2025-12593 Уязвимость сетевого программного средства Netty, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять атаки с подменой HTTP-запросов | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | ROS-20251002-02 Множественные уязвимости netty | CVSS3: 7.5 | 14 дней назад | |
 | SUSE-SU-2025:03114-1 Security update for netty, netty-tcnative | около 1 месяца назад |
Уязвимостей на страницу