PT-2026-38373 · Netty · Netty

Published 2026-05-07 · Updated 2026-06-24 · CVE-2026-42580

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Netty versions prior to 4.2.13.Final
Netty versions prior to 4.1.133.Final

Description

Netty's chunk size parser silently overflows an integer, which allows for request smuggling attacks. This occurs within the getChunkSize() function of the io.netty.handler.codec.http.HttpObjectDecoder class, where the size is accumulated by multiplying the result by 16 and adding the digit. Because the result is only checked for negative values, a carefully crafted chunk size can result in a valid size, enabling an attacker to inject arbitrary HTTP requests inside a chunked body.

Recommendations

Update to version 4.2.13.Final.
Update to version 4.1.133.Final.
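
The arithmetic from the description, as an added Java example; it is not Netty's source code and not the upstream patch. parseUnchecked is reconstructed from the description's wording, parseChecked is one possible bound check applied before the multiply-and-add, and the class name, method names and sample strings are assumptions constructed for illustration.

```java
public class ChunkSizeOverflowDemo {

    // Pattern as the description states it: result = result * 16 + digit in a
    // 32-bit int, followed only by a negative-value check.
    // Reconstructed from the advisory text, not copied from Netty.
    static int parseUnchecked(String hex) {
        int result = 0;
        for (int i = 0; i < hex.length(); i++) {
            int digit = Character.digit(hex.charAt(i), 16);
            if (digit < 0) throw new NumberFormatException("not hex: " + hex);
            result = result * 16 + digit;   // wraps silently on int overflow
        }
        if (result < 0) throw new NumberFormatException("negative chunk size");
        return result;
    }

    // Hardened variant (assumption: one possible approach, not the real fix):
    // refuse the next digit if result * 16 + digit would exceed Integer.MAX_VALUE.
    static int parseChecked(String hex) {
        if (hex.isEmpty()) throw new NumberFormatException("empty chunk size");
        int result = 0;
        for (int i = 0; i < hex.length(); i++) {
            int digit = Character.digit(hex.charAt(i), 16);
            if (digit < 0) throw new NumberFormatException("not hex: " + hex);
            if (result > (Integer.MAX_VALUE - digit) / 16) {
                throw new NumberFormatException("chunk size overflows int: " + hex);
            }
            result = result * 16 + digit;
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed samples: a small size, the largest int, and a nine-digit
        // value whose true magnitude does not fit in 32 bits.
        String[] samples = {"1f", "7fffffff", "100000010"};
        for (String s : samples) {
            String checked;
            try {
                checked = String.valueOf(parseChecked(s));
            } catch (NumberFormatException e) {
                checked = "rejected";
            }
            System.out.printf("%-10s unchecked=%d checked=%s%n",
                    s, parseUnchecked(s), checked);
        }
    }
}
```

Where the two columns differ, the unchecked parser has accepted a size that is not the one written on the wire, which is the disagreement a chunked-body framing check needs to rule out.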

Exploit

Fix

DoS

HTTP Request/Response Smuggling

Integer Overflow

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-CP46043
CLEANSTART-2026-DD05788
CLEANSTART-2026-EG39405
CLEANSTART-2026-GX01236
CLEANSTART-2026-LE11246
CLEANSTART-2026-MX76059
CLEANSTART-2026-PM36304
CLEANSTART-2026-PO27799
CLEANSTART-2026-RN56220
CLEANSTART-2026-RU36468
CLEANSTART-2026-VJ37814
CVE-2026-42580
GHSA-M4CV-J2PX-7723
OPENSUSE-SU-2026:10795-1
SUSE-SU-2026:2308-1

Affected Products

Netty