Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/931808?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/931808?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-11?distro=trixie", "type": "deb", "namespace": "debian", "name": "netty", "version": "1:4.1.48-11", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:4.1.48-12", "latest_non_vulnerable_version": "1:4.1.48-16", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21830?format=api", "vulnerability_id": "VCID-337s-x5xq-9kc1", "summary": "Netty has SMTP Command Injection Vulnerability that Allows Email Forgery\nAn SMTP Command Injection (CRLF Injection) vulnerability in Netty's SMTP codec allows a remote attacker who can control SMTP command parameters (e.g., an email recipient) to forge arbitrary emails from the trusted server. This bypasses standard email authentication and can be used to impersonate executives and forge high-stakes corporate communications.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4735", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52882", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52875", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52837", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52853", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52833", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52843", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/DepthFirstDisclosures/ddacca28cb94b48fa8ab998cef59ed8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/DepthFirstDisclosures/ddacca28cb94b48fa8ab998cef59ed8c" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T17:21:01Z/" } ], "url": "https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120" }, { "reference_url": "https://github.com/netty/netty/commit/2b3fddd3339cde1601f622b9ce5e54c39f24c3f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/commit/2b3fddd3339cde1601f622b9ce5e54c39f24c3f9" }, { "reference_url": "https://www.depthfirst.com/post/our-ai-agent-found-a-netty-zero-day-that-bypasses-email-authentication-the-story-of-cve-2025-59419", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.depthfirst.com/post/our-ai-agent-found-a-netty-zero-day-that-bypasses-email-authentication-the-story-of-cve-2025-59419" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118282", "reference_id": "1118282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404232", "reference_id": "2404232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404232" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419", "reference_id": "CVE-2025-59419", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419" }, { "reference_url": "https://github.com/advisories/GHSA-jq43-27x9-3v86", "reference_id": "GHSA-jq43-27x9-3v86", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq43-27x9-3v86" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86", "reference_id": "GHSA-jq43-27x9-3v86", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T17:21:01Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86" }, { "reference_url": "https://usn.ubuntu.com/7843-1/", "reference_id": "USN-7843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931792?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931807?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931790?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931806?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931794?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931809?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-10%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931808?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931793?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59419", "GHSA-jq43-27x9-3v86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-337s-x5xq-9kc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27522?format=api", "vulnerability_id": "VCID-8p2e-63th-gqge", "summary": "Netty affected by MadeYouReset HTTP/2 DDoS vulnerability\nBelow is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.”\n\n### MadeYouReset Vulnerability Summary\nThe MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.\n\n### Mechanism\nThe vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). \nThe vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are:\n1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1)\n2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it's possible a CONTINUATION frame to trigger that as well - but it's very rare). (Section 5.1)\n3. PRIORITY frame with a length other than 5. (section 6.3)\nFrom our experience, the primitives are likely to exist in the decreasing order listed above.\nNote that based on the implementation of the library, other primitives (which are not defined by the RFC) might exist - meaning scenarios in which RST_STREAM is not supposed to be sent, but in the implementation it does. On the other hand - some RFC-defined primitives might not work, even though they are defined by the RFC (as some implementations are not fully complying with RFC). For example, some implementations we’ve seen discard the PRIORITY frame - and thus does not return RST_STREAM, and some implementations send GO_AWAY when receiving a WINDOW_UPDATE frame with increment of 0.\n\nThe vulnerability takes advantage of a design flaw in the HTTP/2 protocol - While HTTP/2 has a limit on the number of concurrently active streams per connection (which is usually 100, and is set by the parameter SETTINGS_MAX_CONCURRENT_STREAMS), the number of active streams is not counted correctly - when a stream is reset, it is immediately considered not active, and thus unaccounted for in the active streams counter. \nWhile the protocol does not count those streams as active, the server’s backend logic still processes and handles the requests that were canceled.\n\nThus, the attacker can exploit this vulnerability to cause the server to handle an unbounded number of concurrent streams from a client on the same connection. The exploitation is very simple: the client issues a request in a stream, and then sends the control frame that causes the server to send a RST_STREAM.\n\n### Attack Flow\nFor example, a possible attack scenario can be: \n1. Attacker opens an HTTP/2 connection to the server.\n2. Attacker sends HEADERS frame with END_STREAM flag on a new stream X. \n3. Attacker sends WINDOW_UPDATE for stream X with flow-control window of 0.\n4. The server receives the WINDOW_UPDATE and immediately sends RST_STREAM for stream X to the client (+ decreases the active streams counter by 1).\n\nThe attacker can repeat steps 2+3 as rapidly as it is capable, since the active streams counter never exceeds 1 and the attacker does not need to wait for the response from the server.\nThis leads to resource exhaustion and distributed denial of service vulnerabilities with an impact of: CPU overload and/or memory exhaustion (implementation dependent)\n\n### Comparison to Rapid Reset\nThe vulnerability takes advantage of a design flow in the HTTP/2 protocol that was also used in the Rapid Reset vulnerability (CVE-2023-44487) which was exploited as a zero-day in the wild in August 2023 to October 2023, against multiple services and vendors.\nThe Rapid Reset vulnerability uses RST_STREAM frames sent from the client, in order to create an unbounded amount of concurrent streams - it was given a CVSS score of 7.5.\nRapid Reset was mostly mitigated by limiting the number/rate of RST_STREAM sent from the client, which does not mitigate the MadeYouReset attack - since it triggers the server to send a RST_STREAM.\n\n### Suggested Mitigations for MadeYouReset\nA quick and easy mitigation will be to limit the number/rate of RST_STREAMs sent from the server.\nIt is also possible to limit the number/rate of control frames sent by the client (e.g. WINDOW_UPDATE and PRIORITY), and treat protocol flow errors as a connection error.\n\nAs mentioned in our previous message, this is a protocol-level vulnerability that affects multiple vendors and implementations. Given its broad impact, it is the shared responsibility of all parties involved to handle the disclosure process carefully and coordinate mitigations effectively.\n\n\nIf you have any questions, we will be happy to clarify or schedule a Zoom call.\n\nGal, Anat and Yaniv.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55163.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07757", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10793", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10776", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10737", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10616", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11927", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1199", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:37:06Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163" }, { "reference_url": "https://www.kb.cert.org/vuls/id/767506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/767506" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/08/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/08/16/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111105", "reference_id": "1111105", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111105" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252", "reference_id": "2388252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252" }, { "reference_url": "https://github.com/advisories/GHSA-prj3-ccx8-p6x4", "reference_id": "GHSA-prj3-ccx8-p6x4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prj3-ccx8-p6x4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14004", "reference_id": "RHSA-2025:14004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14008", "reference_id": "RHSA-2025:14008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14197", "reference_id": "RHSA-2025:14197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14911", "reference_id": "RHSA-2025:14911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14919", "reference_id": "RHSA-2025:14919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15612", "reference_id": "RHSA-2025:15612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15697", "reference_id": "RHSA-2025:15697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16407", "reference_id": "RHSA-2025:16407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17298", "reference_id": "RHSA-2025:17298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17299", "reference_id": "RHSA-2025:17299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17317", "reference_id": "RHSA-2025:17317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17318", "reference_id": "RHSA-2025:17318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17501", "reference_id": "RHSA-2025:17501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18989", "reference_id": "RHSA-2025:18989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0742", "reference_id": "RHSA-2026:0742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931792?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931807?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931790?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931806?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-7%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-7%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931794?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931809?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-10%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-10%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931808?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931793?format=api", "purl": "pkg:deb/debian/netty@1:4.1.48-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-16%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55163", "GHSA-prj3-ccx8-p6x4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8p2e-63th-gqge" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/netty@1:4.1.48-11%3Fdistro=trixie" }