Back to search
CVE-2025-55163
Published: Aug 13, 2025
Modified: Nov 4, 2025
PUBLISHED
Description
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
| Vendor | Product | Versions |
|---|---|---|
netty | netty | affected < 4.1.124.Finalaffected < 4.2.4.Final |
Weaknesses (CWE)
References
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now