Uploaded image for project: 'Red Hat Data Grid'
  1. Red Hat Data Grid
  2. JDG-7700

[Minor Incident] CVE-2025-55163 netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability [jdg-8]

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • CVEORG
    • CVE-2025-55163
    • 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • CWE-770
    • netty-codec-http2
    • netty; netty-codec-http2
    • Minor Incident
    • False
    • Important

      Security Tracking Issue

      Do not make this issue public.

      Flaw:


      Netty MadeYouReset HTTP/2 DDoS Vulnerability

      Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

      ~~~

      The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
      https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams

      Tracker accuracy feedback form: https://docs.google.com/forms/d/e/1FAIpQLSfa6zTaEGohRdiIqGVAvWTSAL0kpO_DkkEICuIHzQHFwmKswg/viewform

              pminz@redhat.com Priyanka Minz
              rh-ee-jmoroney Jon Moroney
              Anna Manukyan Anna Manukyan
              Paramvir Jindal
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: