VulnerableCode Package Details - pkg:maven/io.netty/netty-common@4.1.118.Final

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5vth-uvb8-kke2	Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv	CVE-2025-25193 GHSA-389x-839f-4rhx

Vulnerability

Summary

Aliases

VCID-5vth-uvb8-kke2

Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

CVE-2025-25193
GHSA-389x-839f-4rhx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:20:19.129371+00:00	GitLab Importer	Fixing	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.4.0
2026-04-12T00:39:14.061825+00:00	GitLab Importer	Fixing	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.3.0
2026-04-07T04:56:58.340682+00:00	GHSA Importer	Fixing	VCID-5vth-uvb8-kke2	https://github.com/advisories/GHSA-389x-839f-4rhx	38.1.0
2026-04-03T00:47:14.335386+00:00	GitLab Importer	Fixing	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.1.0
2026-04-02T12:40:47.617079+00:00	GitLab Importer	Fixing	VCID-5vth-uvb8-kke2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	38.0.0
2026-04-01T12:55:49.626115+00:00	GithubOSV Importer	Fixing	VCID-5vth-uvb8-kke2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-389x-839f-4rhx/GHSA-389x-839f-4rhx.json	38.0.0