[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2023:2096-2":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":64,"epss":9,"epss_history":65,"metrics":66,"affected":67},"SUSE-SU-2023:2096-2","Security update for netty, netty-tcnative\n\nThis update for netty, netty-tcnative fixes the following issues:\n\nnetty:\n\n- Security fixes included in this version update from 4.1.75 to 4.1.90:\n  * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for\n    Java 6 and lower in io.netty:netty-codec-http (bsc#1199338)\n  * CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360)\n  * CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379)\n    \n- Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90:\n  * Build with Java 11 on ix86 architecture in order to avoid build failures \n  * Fix `HttpHeaders.names` for non-String headers\n  * Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off\n  * Fix brotli compression\n  * Fix a bug in FlowControlHandler that broke auto-read\n  * Fix a potential memory leak bug has been in the pooled allocator\n  * Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the \n    `Klass::secondary_super_cache` field in the JVM\n  * Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath\n  * Fix several `NullPointerException` bugs\n  * Fix a regression `SslContext` private key loading\n  * Fix a bug in `SslContext` private key reading fall-back path\n  * Fix a buffer leak regression in `HttpClientCodec`\n  * Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly\n  * Fix epoll bug when receiving zero-sized datagrams\n  * Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception\n  * Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop \n    thread\n  * Fix a bug where an OPT record was added to DNS queries that already had such a record\n  * Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name\n  * Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing\n    blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext`\n  * Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established\n    with prior-knowledge\n  * Fix a bug where Netty fails to load a shaded native library\n  * Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox\n  * Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols`\n    system properties, making them react to these in the same way the JDK SSL provider does\n  * Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP\n  * For a more detailed list of changes please consult the official release notes:\n    +  Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html\n    +  Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html\n    +  Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html\n    +  Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html\n    +  Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html\n    +  Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html\n    +  Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html\n    +  Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html\n    +  Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html\n    +  Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html\n    +  Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html\n    +  Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html\n    +  Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html\n    +  Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html\n\nnetty-tcnative:\n    \n- New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains \n  important security updates\n- No formal changelog present. This artifact is closely bound to the netty releases\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2022-24823",{"_key":17},"CVE-2022-41881",{"_key":19},"CVE-2022-41915",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2023-06-21T10:37:18Z","2026-02-04T02:29:06.168121Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,38,43,47,51,56,60],{"url":32,"sources":33,"tags":36},"https://www.suse.com/support/update/announcement/2023/suse-su-20232096-2/",[34,35],"osv_suse","osv_opensuse",[37],"Advisory",{"url":39,"sources":40,"tags":41},"https://bugzilla.suse.com/1199338",[34,35],[42],"REPORT",{"url":44,"sources":45,"tags":46},"https://bugzilla.suse.com/1206360",[34,35],[42],{"url":48,"sources":49,"tags":50},"https://bugzilla.suse.com/1206379",[34,35],[42],{"url":52,"sources":53,"tags":54},"https://www.suse.com/security/cve/CVE-2022-24823",[34,35],[55],"WEB",{"url":57,"sources":58,"tags":59},"https://www.suse.com/security/cve/CVE-2022-41881",[34,35],[55],{"url":61,"sources":62,"tags":63},"https://www.suse.com/security/cve/CVE-2022-41915",[34,35],[55],[],[],[],[68,81,88,94],{"ecosystem":69,"name":70,"vendor":71,"product":72,"cpe_part":9,"purl_type":73,"purl_namespace":71,"purl_name":72,"source":9,"versions":74},"openSUSE","netty-tcnative","opensuse","netty-tcnative&distro=openSUSE Leap 15.5","rpm",[75],{"version":76,"is_range":77,"range_type":78,"version_start":9,"version_start_type":9,"version_end":79,"version_end_type":80,"fixed_in":9},"lt2_0_59_150200_3_10_1",true,"ecosystem","2.0.59-150200.3.10.1","excluding",{"ecosystem":69,"name":82,"vendor":71,"product":83,"cpe_part":9,"purl_type":73,"purl_namespace":71,"purl_name":83,"source":9,"versions":84},"netty","netty&distro=openSUSE Leap 15.5",[85],{"version":86,"is_range":77,"range_type":78,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":80,"fixed_in":9},"lt4_1_90_150200_4_14_1","4.1.90-150200.4.14.1",{"ecosystem":89,"name":70,"vendor":90,"product":91,"cpe_part":9,"purl_type":73,"purl_namespace":90,"purl_name":91,"source":9,"versions":92},"SUSE Linux Enterprise","suse","netty-tcnative&distro=SUSE Linux Enterprise Module for Development Tools 15 SP5",[93],{"version":76,"is_range":77,"range_type":78,"version_start":9,"version_start_type":9,"version_end":79,"version_end_type":80,"fixed_in":9},{"ecosystem":89,"name":82,"vendor":90,"product":95,"cpe_part":9,"purl_type":73,"purl_namespace":90,"purl_name":95,"source":9,"versions":96},"netty&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5",[97],{"version":86,"is_range":77,"range_type":78,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":80,"fixed_in":9}]