---

• netty in the Package Tracking System
• netty in the Bug Tracking System
• netty source code
• netty in the testing migration checker

Available versions

Release	Version
bullseye	1:4.1.48-4+deb11u2
bullseye (security)	1:4.1.48-4+deb11u3
bookworm	1:4.1.48-7+deb12u2
trixie	1:4.1.48-10+deb13u1
forky	1:4.1.48-16
sid	1:4.1.48-16

Open issues

Bug	bullseye	bookworm	trixie	forky	sid	Description
CVE-2026-50560	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-50020	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-50011	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-50010	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-50009	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-48748	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-48059	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-48043	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-48006	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-47691	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-47244	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-46340	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-45674	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-45673	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-45536	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-45416	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44894	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44893	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44892	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44890	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44250	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44249	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is a network application framework for development of protocol s ...
CVE-2026-44248	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42587	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42586	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42585	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42584	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42583	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42582	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42581	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42580	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42579	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42578	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-42577	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-41417	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty allows request-line validation to be bypassed when a `DefaultHtt ...
CVE-2026-33871	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...
CVE-2026-33870	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an asynchronous, event-driven network application framework. ...

Open unimportant issues

Bug	bullseye	bookworm	trixie	forky	sid	Description
CVE-2022-24823	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netty is an open-source, asynchronous event-driven network application ...

Resolved issues

Bug	Description
CVE-2025-67735	Netty is an asynchronous, event-driven network application framework. ...
CVE-2025-59419	Netty is an asynchronous, event-driven network application framework. ...
CVE-2025-58057	Netty is an asynchronous event-driven network application framework fo ...
CVE-2025-58056	Netty is an asynchronous event-driven network application framework fo ...
CVE-2025-55163	Netty is an asynchronous, event-driven network application framework. ...
CVE-2025-25193	Netty, an asynchronous, event-driven network application framework, ha ...
CVE-2025-24970	Netty, an asynchronous, event-driven network application framework, ha ...
CVE-2024-47535	Netty is an asynchronous event-driven network application framework fo ...
CVE-2024-29025	Netty is an asynchronous event-driven network application framework fo ...
CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-34462	Netty is an asynchronous event-driven network application framework fo ...
CVE-2022-41915	Netty project is an event-driven asynchronous network application fram ...
CVE-2022-41881	Netty project is an event-driven asynchronous network application fram ...
CVE-2021-43797	Netty is an asynchronous event-driven network application framework fo ...
CVE-2021-37137	The Snappy frame decoder function doesn't restrict the chunk length wh ...
CVE-2021-37136	The Bzip2 decompression decoder function doesn't allow setting size re ...
CVE-2021-21409	Netty is an open-source, asynchronous event-driven network application ...
CVE-2021-21295	Netty is an open-source, asynchronous event-driven network application ...
CVE-2021-21290	Netty is an open-source, asynchronous event-driven network application ...
CVE-2020-11612	The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...
CVE-2020-7238	Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...
CVE-2019-20445	HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...
CVE-2019-20444	HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...
CVE-2019-16869	Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...
CVE-2016-4970	handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and ...
CVE-2015-2156	Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0 ...
CVE-2014-3488	The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...
CVE-2014-0193	WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...

Security announcements

DSA / DLA	Description
DLA-4519-1	netty - security update
DSA-6160-1	netty - security update
DLA-3834-1	netty - security update
DLA-3656-1	netty - security update
DSA-5558-1	netty - security update
DSA-5316-1	netty - security update
DLA-3268-1	netty - security update
DSA-4885-1	netty - security update
DLA-2555-1	netty - security update
DLA-2364-1	netty - security update
DLA-2109-1	netty - security update
DSA-4597-1	netty - security update
DLA-1941-1	netty - security update

---

---