CVE-2026-45416

HIGH

7.5

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile7.81th

Published2026年6月12日

Last Modified2026年6月12日

Vulnerability Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength > maxClientHelloLength && maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/netty/netty/releases/tag/netty-4.1.135.Final

🔗 https://github.com/netty/netty/releases/tag/netty-4.2.15.Final

🔗 https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh

Vulnerability Description

Affected Platforms (CPE)

References & Advisories

相关漏洞威胁