CVE-2025-25193 – io.netty:netty-common

Package

Manager: maven
Name: io.netty:netty-common
Vulnerable Version: >=0 <4.1.118.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00121 pctl0.31947

Details

Denial of Service attack on windows app using Netty ### Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. ### PoC The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character. ### Impact Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

Metadata

Created: 2025-02-10T18:14:47Z
Modified: 2025-03-19T14:51:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-389x-839f-4rhx/GHSA-389x-839f-4rhx.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-389x-839f-4rhx
Finding: F067
Auto approve: 1