CVE-2026-45673

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0380%

EPSS Percentile29.91th

Published2026年6月12日

Last Modified2026年6月12日

Vulnerability Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/netty/netty/releases/tag/netty-4.1.135.Final

🔗 https://github.com/netty/netty/releases/tag/netty-4.2.15.Final

🔗 https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78

Vulnerability Description

Affected Platforms (CPE)

References & Advisories

関連する脆弱性情報