DNS Vulnerability in Netty Framework Affects Network Protocol Development
CVE-2026-45673
6.8MEDIUM
What is CVE-2026-45673?
Prior to specific updated versions, the Netty Framework utilized a predictable Pseudorandom Number Generator (PRNG) for DNS transaction ID generation and employed a static UDP source port. This predictable behavior significantly reduces the entropy of DNS queries, leaving them susceptible to DNS Cache Poisoning attacks, commonly associated with the Kaminsky exploit. This vulnerability can allow an attacker to divert legitimate traffic, leading to potential data breaches or service disruptions. Updated versions 4.1.135.Final and 4.2.15.Final have addressed and patched this critical issue, enhancing the security of DNS resolvers.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
