PT-2026-47602 · Netty · Netty

Published: 2026-06-08 · Updated: 2026-06-08 · CVE-2026-44890

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Netty (affected versions not specified)

Description: A Denial of Service (DoS) issue exists where an attacker can exhaust the server's direct memory pool, leading to an OutOfDirectMemoryError and preventing legitimate connections. This occurs because the decodeLength function in io.netty.handler.codec.redis.RedisDecoder reads bytes from the network until the terminating character is encountered but does not enforce a maximum length check while buffering. An attacker can exploit this by opening multiple concurrent connections and sending a continuous stream of digits without the required \r\n termination specified in the RESP protocol, causing the system to buffer data indefinitely.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
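As an added illustration of the bug class described above (example code, not Netty's RedisDecoder), a minimal RESP length-prefix decoder in the flawed shape sits beside a bounded version that fails fast once the digit run exceeds a cap, so the connection can be closed and its buffer released instead of growing until direct memory is gone. MAX_LENGTH_DIGITS and the chunked feed() harness are assumptions for the demonstration.

```python
# A RESP length prefix looks like "$123\r\n" or "*5\r\n": a type byte, decimal
# digits, CRLF. The buffers below begin just after the type byte.

class FrameTooLong(Exception):
    """Raised when a length prefix exceeds the configured cap."""

# Assumed cap for the demonstration: no legitimate RESP length needs more digits.
MAX_LENGTH_DIGITS = 10

def decode_length_unbounded(buf: bytearray):
    """Flawed shape: return (length, consumed) or None when CRLF has not arrived.
    On a stream of digits with no CRLF it simply keeps asking for more data."""
    end = buf.find(b"\r\n")
    if end == -1:
        return None                      # caller keeps buffering, without limit
    return int(buf[:end]), end + 2

def decode_length_bounded(buf: bytearray):
    """Same contract, but the digit run is counted before waiting for CRLF, and
    anything over the cap (or any non-digit, non-CRLF byte) is rejected."""
    n = 0
    while n < len(buf) and 0x30 <= buf[n] <= 0x39:   # count leading ASCII digits
        n += 1
    if n > MAX_LENGTH_DIGITS:
        raise FrameTooLong(f"length prefix exceeds {MAX_LENGTH_DIGITS} digits")
    rest = buf[n:n + 2]
    if not rest or rest == b"\r":
        return None                      # need more data, but bounded by the cap above
    if rest != b"\r\n" or n == 0:
        raise ValueError("malformed length prefix")
    return int(buf[:n]), n + 2

def feed(decoder, chunks):
    """Simulate one connection delivering chunks to a decoder.
    Returns ("ok", length, consumed), ("need_more", buffered) when the stream
    ends without CRLF, or ("rejected", buffered) when the decoder refuses it."""
    buf = bytearray()
    for chunk in chunks:
        buf += chunk
        try:
            res = decoder(buf)
        except (FrameTooLong, ValueError):
            return ("rejected", len(buf))
        if res is not None:
            return ("ok", res[0], res[1])
    return ("need_more", len(buf))
```

With a constructed stream of 64 KiB of digits and no CRLF, the unbounded decoder reports "need_more" while holding all 65536 bytes; the bounded one rejects the connection after the first 1024-byte chunk.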

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2026-44890
GHSA-6GHJ-FRRJ-JJJ3

Affected Products

Netty