netty-tcnative (SUSE:Linux Enterprise Server 15 SP6-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP6-LTSS package netty-tcnative, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2026-42587 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor…
CVE-2026-42578 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler…
CVE-2026-42579 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not…
CVE-2026-42582 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman…
CVE-2026-42583 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a…
CVE-2026-42584 — CVSS 7.3 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each…
CVE-2026-42586 — CVSS 6.8 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec…
CVE-2026-42585 — CVSS 6.5 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses…
CVE-2026-42580 — CVSS 6.5 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser…
CVE-2026-42581 — CVSS 5.8 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a…
CVE-2026-44248 — CVSS 5.3 (medium): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties…
CVE-2026-41417 — CVSS 5.3 (medium): Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is…