io.netty:netty-codec-http3
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.netty:netty-codec-http3page 1 of 1
- CVE-2026-42582HIGHCVSS 7.5EG 7.5✓ Fixed in 4.2.13.Final2026-05-13
vulnerable: 4.2.10.Final ... 4.2.9.Final (11 versions)
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[…
- CVE-2026-44892HIGHCVSS 7.5EG 7.5✓ Fixed in 4.2.15.Final2026-06-08
vulnerable: 4.2.10.Final ... 4.2.9.Final (13 versions)
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header s…
- CVE-2026-48748HIGHCVSS 7.5EG 7.5✓ Fixed in 4.2.15.Final2026-06-12
vulnerable: 4.2.10.Final ... 4.2.9.Final (13 versions)
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked strea…
Check whether io.netty:netty-codec-http3 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.netty:netty-codec-http3 CVEs against the assets you own.
Start Free Scan →