Network Application Framework Vulnerability in Netty by Vendor Netty
CVE-2026-46340
7.5HIGH
What is CVE-2026-46340?
The vulnerability in the netty-transport-sctp allows for unbounded growth of CompositeByteBuf structures due to an attacker exploiting non-complete SctpMessage fragments. As a result, an attacker can open multiple stream identifiers without limitations, causing the instance to recursively handle an ever-growing number of buffers, leading to potential resource exhaustion and performance degradation. Updating to versions 4.1.135.Final or 4.2.15.Final mitigates this issue.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
