VulnerableCode Package Details - pkg:maven/io.netty/netty-common@4.1.116.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-5vth-uvb8-kke2 Aliases: CVE-2025-25193 GHSA-389x-839f-4rhx	Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv	4.1.118.Final Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5vth-uvb8-kke2
Aliases:
CVE-2025-25193
GHSA-389x-839f-4rhx

Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

4.1.118.Final
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:20:19.122693+00:00	GitLab Importer	Affected by	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.4.0
2026-04-12T00:39:14.054798+00:00	GitLab Importer	Affected by	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.3.0
2026-04-03T00:47:14.327440+00:00	GitLab Importer	Affected by	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.1.0