netty-tcnative (SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS package netty-tcnative, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (17)
CVE-2026-42583 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a…
CVE-2026-42587 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor…
CVE-2025-55163 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable…
CVE-2025-58056 — CVSS 7.5 (high): Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and…
CVE-2025-58057 — CVSS 7.5 (high): Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers…
CVE-2025-24970 — CVSS 7.5 (high): Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to…
CVE-2026-42582 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman…
CVE-2026-42578 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler…
CVE-2026-42579 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not…
CVE-2026-42584 — CVSS 7.3 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each…
CVE-2026-42586 — CVSS 6.8 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec…
CVE-2026-42580 — CVSS 6.5 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser…
CVE-2026-42585 — CVSS 6.5 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses…
CVE-2026-42581 — CVSS 5.8 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a…
CVE-2025-25193 — CVSS 5.5 (medium): Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An…
CVE-2026-44248 — CVSS 5.3 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties…
CVE-2026-41417 — CVSS 5.3 (medium): Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is…