io.netty:netty-codec (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.netty:netty-codec, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2021-37136 — CVSS 7.5 (high): The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the…
CVE-2021-37137 — CVSS 7.5 (high): The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may…
CVE-2025-58057 — CVSS 7.5 (high): Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers…
CVE-2026-42583 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a…