VulnerableCode Package Details - pkg:maven/io.netty/netty-common@4.1.118.Final

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-c7cx-u73j-k7bx	Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv	CVE-2025-25193 GHSA-389x-839f-4rhx

Vulnerability

Summary

Aliases

VCID-c7cx-u73j-k7bx

Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

CVE-2025-25193
GHSA-389x-839f-4rhx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-06T17:39:01.157768+00:00	GHSA Importer	Fixing	VCID-c7cx-u73j-k7bx	https://github.com/advisories/GHSA-389x-839f-4rhx	37.0.0
2025-07-03T19:20:34.073966+00:00	GitLab Importer	Fixing	VCID-c7cx-u73j-k7bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	37.0.0
2025-07-03T13:57:40.662678+00:00	GitLab Importer	Fixing	VCID-c7cx-u73j-k7bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-common/CVE-2025-25193.yml	36.1.3
2025-07-01T12:12:34.972915+00:00	GithubOSV Importer	Fixing	VCID-c7cx-u73j-k7bx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-389x-839f-4rhx/GHSA-389x-839f-4rhx.json	36.1.3