{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework für die schnelle Entwicklung von wartbaren, hochleistungsfähigen Protokollservern und -clients.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand herbeizuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1814 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1814.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1814 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1814" }, { "category" : "external", "summary" : "Netty Security Advisories vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3244-j874-rhc2 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-4grm-h2qv-h6w6 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-4grm-h2qv-h6w6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5pvg-856g-cp85 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5w86-c3rq-vjj7 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5x3r-wrvg-rp6q vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5xrh-qmmq-w6ch vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-676x-f7gg-47vc vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6ghj-frrj-jjj3 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6jv9-x5w9-2ccm vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-6jv9-x5w9-2ccm" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c2gf-v879-257j vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c2rx-5r8w-8xr2 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c653-97m9-rcg9 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cc37-9q2j-3hfv vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cmm3-54f8-px4j vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cq4q-cv5g-r8q5 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-h2qv-fj59-j46j vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-hvcg-qmg6-jm4c vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-hvcg-qmg6-jm4c" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-w573-9ffj-6ff9 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-x4gw-5cx5-pgmh vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-xmv7-r254-6q78 vom 2026-06-07", "url" : "https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78" } ], "source_lang" : "en-US", "title" : "Netty: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-07T22:00:00.000+00:00", "generator" : { "date" : "2026-06-08T09:45:56.565+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1814", "initial_release_date" : "2026-06-07T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-06-07T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<4.2.15.Final", "product" : { "name" : "Open Source Netty <4.2.15.Final", "product_id" : "T055037" } }, { "category" : "product_version", "name" : "4.2.15.Final", "product" : { "name" : "Open Source Netty 4.2.15.Final", "product_id" : "T055037-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:netty:netty:4.2.15.final" } } }, { "category" : "product_version_range", "name" : "<4.1.135.Final", "product" : { "name" : "Open Source Netty <4.1.135.Final", "product_id" : "T055038" } }, { "category" : "product_version", "name" : "4.1.135.Final", "product" : { "name" : "Open Source Netty 4.1.135.Final", "product_id" : "T055038-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:netty:netty:4.1.135.final" } } } ], "category" : "product_name", "name" : "Netty" } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-44250", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-44250" }, { "cve" : "CVE-2026-44890", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-44890" }, { "cve" : "CVE-2026-44892", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-44892" }, { "cve" : "CVE-2026-44893", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-44893" }, { "cve" : "CVE-2026-44894", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-44894" }, { "cve" : "CVE-2026-45416", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-45416" }, { "cve" : "CVE-2026-45536", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-45536" }, { "cve" : "CVE-2026-45673", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-45673" }, { "cve" : "CVE-2026-45674", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-45674" }, { "cve" : "CVE-2026-46340", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-46340" }, { "cve" : "CVE-2026-47244", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-47244" }, { "cve" : "CVE-2026-47691", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-47691" }, { "cve" : "CVE-2026-48006", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-48006" }, { "cve" : "CVE-2026-48043", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-48043" }, { "cve" : "CVE-2026-48059", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-48059" }, { "cve" : "CVE-2026-48748", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-48748" }, { "cve" : "CVE-2026-50010", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-50010" }, { "cve" : "CVE-2026-50020", "product_status" : { "known_affected" : [ "T055038", "T055037" ] }, "release_date" : "2026-06-07T22:00:00.000+00:00", "title" : "CVE-2026-50020" } ] }