USN-7918-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 09 Dec 2025, 20:14
Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Dec 2025, 20:14
Published
Vulnerability first disclosed
20 May 2026, 16:03
Last Modified
Vulnerability information updated

Description

netty vulnerabilities Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2025-58056) Jonas Konrad discovered that Netty did not properly manage memory when decoding compressed data. A remote attacker could possibly use this issue to cause Netty to consume excessive memory, resulting in a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-58057)

Affected Systems

  • ubuntunetty

    < 1:4.0.34-1ubuntu0.1~esm3 | < 1:4.1.7-4ubuntu0.1+esm5 | < 1:4.1.45-1ubuntu0.1~esm4 | < 1:4.1.48-4+deb11u2ubuntu0.1 | < 1:4.1.48-9ubuntu0.1 | < 1:4.1.48-10ubuntu0.25.10.2

References (3)