{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework für die schnelle Entwicklung von wartbaren, hochleistungsfähigen Protokollservern und -clients.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1372 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1372.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1372 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1372" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-2c5c-chwr-9hqw vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-38f8-5428-x5cv vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-45q3-82m4-75jr vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-57rv-r2g8-2cj3 vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cm33-6792-r9fm vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-f6hv-jmp6-3vwv vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-jfg9-48mv-9qgx vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-m4cv-j2px-7723 vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-mj4r-2hfc-f8p6 vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rwm7-x88c-3g2p vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05", "url" : "https://github.com/advisories/GHSA-v8h7-rr48-vmmv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-xxqh-mfjm-7mv9 vom 2026-05-05", "url" : "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9" }, { "category" : "external", "summary" : "Keycloak 26.6.3 release vom 2026-06-04", "url" : "https://www.keycloak.org/2026/06/keycloak-2663-released" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-8401-1 vom 2026-06-08", "url" : "https://ubuntu.com/security/notices/USN-8401-1" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2026:2308-1 vom 2026-06-09", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026653.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:24502 vom 2026-06-10", "url" : "https://access.redhat.com/errata/RHSA-2026:24502" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:23808 vom 2026-06-10", "url" : "https://access.redhat.com/errata/RHSA-2026:23808" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25123 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25123" } ], "source_lang" : "en-US", "title" : "Netty: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-10T22:00:00.000+00:00", "generator" : { "date" : "2026-06-11T10:21:04.274+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1372", "initial_release_date" : "2026-05-05T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-05T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-06T22:00:00.000+00:00", "number" : "2", "summary" : "CVE ergänzt" }, { "date" : "2026-05-14T22:00:00.000+00:00", "number" : "3", "summary" : "Referenz(en) aufgenommen: EUVD-2026-30130, EUVD-2026-30124, EUVD-2026-30127, EUVD-2026-30129, EUVD-2026-30128, EUVD-2026-30126, EUVD-2026-30123, EUVD-2026-30122, EUVD-2026-30120, EUVD-2026-30125, EUVD-2026-30132, EUVD-2026-30121" }, { "date" : "2026-06-04T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates aufgenommen" }, { "date" : "2026-06-08T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von Ubuntu aufgenommen" }, { "date" : "2026-06-09T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2026-06-10T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates von Red Hat aufgenommen" } ], "status" : "final", "version" : "7" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<26.6.3", "product" : { "name" : "Open Source Keycloak <26.6.3", "product_id" : "T054992" } }, { "category" : "product_version", "name" : "26.6.3", "product" : { "name" : "Open Source Keycloak 26.6.3", "product_id" : "T054992-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:keycloak:keycloak:26.6.3" } } } ], "category" : "product_name", "name" : "Keycloak" }, { "branches" : [ { "category" : "product_version_range", "name" : "<4.2.13.Final", "product" : { "name" : "Open Source Netty <4.2.13.Final", "product_id" : "T053584" } }, { "category" : "product_version", "name" : "4.2.13.Final", "product" : { "name" : "Open Source Netty 4.2.13.Final", "product_id" : "T053584-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:netty:netty:4.2.13.final" } } }, { "category" : "product_version_range", "name" : "<4.1.133.Final", "product" : { "name" : "Open Source Netty <4.1.133.Final", "product_id" : "T053585" } }, { "category" : "product_version", "name" : "4.1.133.Final", "product" : { "name" : "Open Source Netty 4.1.133.Final", "product_id" : "T053585-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:netty:netty:4.1.133.final" } } } ], "category" : "product_name", "name" : "Netty" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" }, { "branches" : [ { "category" : "product_name", "name" : "Ubuntu Linux", "product" : { "name" : "Ubuntu Linux", "product_id" : "T000126", "product_identification_helper" : { "cpe" : "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category" : "vendor", "name" : "Ubuntu" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-41417", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-41417" }, { "cve" : "CVE-2026-42577", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42577" }, { "cve" : "CVE-2026-42578", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42578" }, { "cve" : "CVE-2026-42579", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42579" }, { "cve" : "CVE-2026-42580", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42580" }, { "cve" : "CVE-2026-42581", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42581" }, { "cve" : "CVE-2026-42582", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42582" }, { "cve" : "CVE-2026-42583", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42583" }, { "cve" : "CVE-2026-42584", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42584" }, { "cve" : "CVE-2026-42585", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42585" }, { "cve" : "CVE-2026-42586", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42586" }, { "cve" : "CVE-2026-42587", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-42587" }, { "cve" : "CVE-2026-44248", "product_status" : { "known_affected" : [ "T054992", "T053584", "T002207", "67646", "T000126", "T053585" ] }, "release_date" : "2026-05-05T22:00:00.000+00:00", "title" : "CVE-2026-44248" } ] }