CVE-2025-55163

Published 13/08/2025 15:15 · Modified 13/08/2025 17:33

Labels: CVE-2025-55163, 2025-08-13, CWE-770

Essential information

Published: 13/08/2025 15:15
Modified: 13/08/2025 17:33
CVSS: 8.2 HIGH (v3), 8.2 HIGH (v4.0)
CISA KEV: No

Description

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to the MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol that uses malformed HTTP/2 control frames to break the max concurrent streams limit, which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product          CPE
netty / netty    cpe:2.3:a:netty:netty:<4.1.124.Final:*:*:*:*:*:*:*
netty / netty    cpe:2.3:a:netty:netty:<4.2.4.Final:*:*:*:*:*:*:*

References