Yawkat

**Name of the Vulnerable Software and Affected Versions** Netty versions 4.1.124.Final and below Netty versions 4.2.4.Final and below **Description** Netty is an asynchronous event-driven network application framework. Certain decompression decoders, including `BrotliDecoder`, can allocate a large number of byte buffers when provided with specially crafted input, potentially leading to a denial of service. The `decompress` function within `BrotliDecoder` repeatedly calls `pull`, decompressing data in 64KB chunks, and the resulting buffers remain reachable until an out-of-memory (OOM) error occurs. **Recommendations** Update to Netty version 4.1.125.Final or later. Update to Netty version 4.2.5.Final or later.