CVE-2025-58057
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-58057
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58057.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-58057
- Aliases
- Downstream
- Related
- Published
- 2025-09-03T21:46:49Z
- Modified
- 2025-11-04T20:39:21.843404Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
- Details
-
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.
- Database specific
{ "cwe_ids": [ "CWE-409" ] }- References
Affected packages
Git / github.com/netty/netty
Affected ranges
- Type
- GIT
- Repo
- https://github.com/netty/netty
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
netty-4.*
netty-4.0.0.Alpha1
netty-4.0.0.Alpha2
netty-4.0.0.Alpha3
netty-4.0.0.Alpha4
netty-4.0.0.Alpha5
netty-4.0.0.Alpha6
netty-4.0.0.Alpha7
netty-4.0.0.Alpha8
netty-4.0.0.Beta1
netty-4.0.0.Beta2
netty-4.0.0.Beta3
netty-4.0.0.CR1
netty-4.0.0.CR2
netty-4.0.0.CR3
netty-4.0.0.CR4
netty-4.0.0.CR5
netty-4.0.0.CR7
netty-4.0.0.CR8
netty-4.0.0.CR9
netty-4.0.0.Final
netty-4.0.1.Final
netty-4.0.10.Final
netty-4.0.11.Final
netty-4.0.12.Final
netty-4.0.13.Final
netty-4.0.14.Beta1
netty-4.0.14.Final
netty-4.0.15.Final
netty-4.0.2.Final
netty-4.0.3.Final
netty-4.0.4.Final
netty-4.0.5.Final
netty-4.0.6.Final
netty-4.0.7.Final
netty-4.0.8.Final
netty-4.1.0.Beta1
netty-4.1.0.Beta2
netty-4.1.0.Beta3
netty-4.1.0.Beta4
netty-4.1.0.Beta5
netty-4.1.0.Beta6
netty-4.1.0.Beta7
netty-4.1.0.Beta8
netty-4.1.0.CR1
netty-4.1.0.CR2
netty-4.1.0.CR3
netty-4.1.0.CR4
netty-4.1.0.CR5
netty-4.1.0.CR6
netty-4.1.0.CR7
netty-4.1.0.Final
netty-4.1.1.Final
netty-4.1.10.Final
netty-4.1.100.Final
netty-4.1.101.Final
netty-4.1.102.Final
netty-4.1.103.Final
netty-4.1.104.Final
netty-4.1.105.Final
netty-4.1.106.Final
netty-4.1.107.Final
netty-4.1.108.Final
netty-4.1.109.Final
netty-4.1.11.Final
netty-4.1.12.Final
netty-4.1.13.Final
netty-4.1.14.Final
netty-4.1.15.Final
netty-4.1.16.Final
netty-4.1.17.Final
netty-4.1.18.Final
netty-4.1.19.Final
netty-4.1.2.Final
netty-4.1.20.Final
netty-4.1.21.Final
netty-4.1.22.Final
netty-4.1.23.Final
netty-4.1.24.Final
netty-4.1.25.Final
netty-4.1.26.Final
netty-4.1.27.Final
netty-4.1.28.Final
netty-4.1.29.Final
netty-4.1.3.Final
netty-4.1.30.Final
netty-4.1.31.Final
netty-4.1.32.Final
netty-4.1.33.Final
netty-4.1.34.Final
netty-4.1.35.Final
netty-4.1.36.Final
netty-4.1.37.Final
netty-4.1.38.Final
netty-4.1.39.Final
netty-4.1.4.Final
netty-4.1.40.Final
netty-4.1.41.Final
netty-4.1.42.Final
netty-4.1.43.Final
netty-4.1.44.Final
netty-4.1.45.Final
netty-4.1.46.Final
netty-4.1.47.Final
netty-4.1.48.Final
netty-4.1.49.Final
netty-4.1.5.Final
netty-4.1.50.Final
netty-4.1.51.Final
netty-4.1.52.Final
netty-4.1.53.Final
netty-4.1.54.Final
netty-4.1.55.Final
netty-4.1.56.Final
netty-4.1.57.Final
netty-4.1.58.Final
netty-4.1.59.Final
netty-4.1.6.Final
netty-4.1.60.Final
netty-4.1.61.Final
netty-4.1.62.Final
netty-4.1.63.Final
netty-4.1.64.Final
netty-4.1.65.Final
netty-4.1.66.Final
netty-4.1.67.Final
netty-4.1.68.Final
netty-4.1.69.Final
netty-4.1.7.Final
netty-4.1.70.Final
netty-4.1.71.Final
netty-4.1.72.Final
netty-4.1.73.Final
netty-4.1.74.Final
netty-4.1.75.Final
netty-4.1.76.Final
netty-4.1.77.Final
netty-4.1.78.Final
netty-4.1.79.Final
netty-4.1.8.Final
netty-4.1.80.Final
netty-4.1.81.Final
netty-4.1.82.Final
netty-4.1.83.Final
netty-4.1.84.Final
netty-4.1.85.Final
netty-4.1.86.Final
netty-4.1.87.Final
netty-4.1.88.Final
netty-4.1.89.Final
netty-4.1.9.Final
netty-4.1.90.Final
netty-4.1.91.Final
netty-4.1.92.Final
netty-4.1.93.Final
netty-4.1.94.Final
netty-4.1.95.Final
netty-4.1.96.Final
netty-4.1.97.Final
netty-4.1.98.Final
netty-4.1.99.Final
netty-4.2.0.Alpha1
netty-4.2.0.Alpha2
netty-4.2.0.Alpha3
netty-4.2.0.Alpha4
netty-4.2.0.Alpha5
netty-4.2.0.Beta1
netty-4.2.0.Final
netty-4.2.0.RC1
netty-4.2.0.RC2
netty-4.2.0.RC3
netty-4.2.0.RC4
netty-4.2.1.Final
netty-4.2.2.Final
netty-4.2.3.Final
netty-4.2.4.Final
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"84826743833987520222283554709558419461",
"229941705159259441117397925904357014489",
"239758567056483344727097341660781202038",
"261208025501304973781740736998369336889",
"282967270068895706348545737734993157931",
"85292008776335211722731366824354959371",
"188071552577217312514997923988741278380",
"227895725838260453036415906869511123839",
"202053290081678781257846594905908386858",
"200122463195936398902927258918832294655",
"290686680299069363964600166107909816618",
"113704568288568191104840682560531725378",
"289596453280306157790200283274031731542",
"2685886786854585040512704178710420950",
"206495597632853188130230170244816610919",
"65276116270209034175324250327121027018",
"195542844370925318137354894029514795698",
"191767756422951196299506193164322974811",
"327356853475380713275908024133979049997",
"194349860813593454596880775168950934168",
"47699494526886474312980270280702955143",
"38134056699244433232490580441338578778",
"295449663740892074914003729330080417147",
"89108694236075657851873828519620281502",
"224181327059227181680196846613793236156",
"83329933797219732100867360834904099335",
"173752281052659239649013454312398366207",
"316528865488575753954894228061973043600",
"127759871132345037676245032368809267528",
"153355495522813310811436348433104856858",
"83605324093879460770905426315351268874",
"289899633187063915752685026579433121464",
"153283795737243132354442438513254435016",
"166021160019589265334838985994018939277",
"70897536007569163031696306297006691898",
"53922213238176684997021388050923731810",
"129136780151601444954703730607668328349"
]
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/ZstdDecoder.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-003c7c6a",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "84591399580489099817280877875592802090",
"length": 226.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "fetchDecoderOutput"
},
"signature_version": "v1",
"id": "CVE-2025-58057-09b50830",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"21070106644472642411163165357991913520",
"28630523934747623019235421561704699253",
"2138405906502131975829355746933459114",
"68294833129406119396561928437205024599",
"298438518424048191741057293147926386993",
"7632006613650883660595501288707990618",
"258903918647893143780629350550995327108",
"260924048074641594442420751807850698633",
"166535287329824279820000930090951921492",
"32659038197932099385429209956281360070",
"288069831071191480474669123104871259079",
"103370376648111635469952197257427387139",
"293687545060395275379018563891861589396",
"102330184835342085977587005850919385274",
"308697998281167724350767621745116296716",
"57227917340021918521663617182076963770",
"66695765695948800712979384861844825671",
"108517435792108602559283878953716958512",
"247894135008056791264808141577860752077",
"262093253258320343059115008440936426998",
"26631690569737421278092342395285068224",
"308697998281167724350767621745116296716",
"22856760116563567373796703553602590491",
"138719575117423580213395237239434539405",
"254741334099755843141845902029288877465",
"245065531818692266452225056784316990805",
"177526754924630156315136939669805767338",
"176099464859299572111344184835539478000",
"151396835454013242812137246959293795773",
"284981238552930560803090854105965472359",
"110532055359863654282466362168111602086",
"26497444386725953043775164350857036398",
"203855859827786822102628685251104145592",
"244044274584952353356880478962063418833",
"153910641668974128496804034994497399363",
"58231636348791925983101298874454925586",
"158885963051256514258289112334018038503",
"160909062602807098028502197638651279208",
"41820783480482036625352889673559219746",
"9727828828267891730938944975147176373",
"90460726870694483045601068608339844575",
"56744003759911216472171303531851054042",
"220638497187240943409191370292156889841",
"237389391425835866159028337159643811602",
"114926961908343736370483348385043562921",
"121589400958004186292457645669050050513",
"109796810045691966195687045459745615104",
"186513427453349134410335282926893410073",
"20758443770269692434663311879400233137",
"65702920612906186697196480827189385492",
"126501520579213578986326412139839063169",
"282568185764306528479653869352677833436",
"339497349135143830975091232579506228591",
"314928486037388983069867135657363513436",
"249961858290483438563102959866172738596",
"319618954983404261598590388720895490672",
"127478273395961533857187555649849218329",
"157742317753982349146334234765495140065",
"37942356903898165323483297809350391003",
"110517761857978631875167308581603481494",
"29534424061552703943641806646202012251",
"188602831789282967293849507122223105284",
"288035823445035720295663720519376941213",
"10517893907480336347076584991417254654",
"58544892019034043721109840407222984398",
"217867754180361589928740435044500434853",
"63855836346539645845204677884048146890",
"131460565192605962264086191951242920929",
"14882365355235885427304094168597093418",
"125499539589178639135244558873695295705",
"7922802419418379556349264734490487064",
"314342379433508313725529557020123868441",
"270020961726060210100308174016996958485",
"265349589515211426117282377515974375097",
"260374285055496378442990504132241967865",
"327713355948505373977935838516172425249",
"208080598995103639966836868487761682584",
"240186717652437784439067539167883608376",
"321508585050504892088854371732723954303",
"144036763083027271697669429218601940659",
"147375863512338289119562469535885863927",
"302811203272157671458026663245260072187",
"115449194749939842375579552588587157037",
"112681526429912074537961507425384393302",
"230010660531191395363330243373675796645",
"39697002736176048099721319156043075268",
"89215098694372047187464391336130464452",
"257607441400032448721563896986654184043",
"253391902394117434007994156490083863990",
"162133200135950741884807950153288265677",
"238707279965213893447295303759571002449",
"255954119693656391753536702909398024338",
"216060106702970860640020671021873899998",
"49855039934461436701381969239662762028",
"149120862757590532766182353258284603693",
"274324974035086642963314371891610689248",
"61948111571141237650476708126335709713",
"248961034222332956762719439179117257623",
"174940734524200096201703374925626542160",
"296047922626418234715146453349205888348",
"221184852175375199786944181617170675290",
"312718362311871062695707552107527262247",
"310413695553397128320860444300533868380",
"211495742739982984344387671827195272663",
"185129763022106087735836903982097966890",
"7835173072201490953556520472261605883",
"132225062967318125981538040577702703656",
"293809869683197192379470656361752553126",
"3490311468456870394194501856477239796",
"148459819568833740497851321387050524065",
"64251499429382533168594829905670531051",
"50589984752129776167307631797709278810",
"125275272397655031471336454463575426969",
"317145869095197906102535962172833048211",
"329013678494040115248561647538190415498",
"169393193988187823737704214414085885755",
"306205326802619988365210234024222755609",
"275997902248603082807261335495664832951",
"246891717462563076390515059522247099785",
"195681394062720850906605238252684563646",
"231549539256880877132962880212713939306",
"291662617272102321154144369857827168222",
"133685425490539179792610465044886600642",
"31086291600014481395011596023699208434",
"92819482674135838356106466301387309845",
"32333184371224667454824871746035186594",
"173895659612639665217473437224065710956",
"121122513405308211826251990703042266938",
"55401027835787496353917429045347203148",
"161309706297507129901312737917970809433",
"171359684834033381543126176918654047547",
"176664992092766167134690723869342533746",
"74486274242574829635956712550407081314",
"98453844651364641364221540163373547458",
"187995677738033607212035410726327277950",
"180707698902078489725933989335210351580",
"216881358701928287488400864317089585957",
"137519229447024342933979597845758279384",
"125262461533297137252579420873311518534"
]
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-0b4b45df",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "237093866007197301039866889987292439795",
"length": 2211.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/JdkZlibDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-137f161f",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "85485276112350423554108146650243532129",
"length": 918.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "initDecompressor"
},
"signature_version": "v1",
"id": "CVE-2025-58057-203160af",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "128529550446250667395255772416732240114",
"length": 106.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "finishDecode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-259f213d",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "333459057555930873248875541800989885231",
"length": 91.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "cleanup"
},
"signature_version": "v1",
"id": "CVE-2025-58057-278a755e",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "172921042970838765478855879025941872667",
"length": 115.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-29288c79",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "219491896229261089869829332448877294770",
"length": 1802.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/JZlibDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-2e5a9b21",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50227978872564600166739421734948961336",
"321980111644006374505188148257626981338",
"340116659503390931679422203081276361541",
"283444430346391828646878798444325365822",
"89459552054980669912192970888530479263",
"281114148932935269604948560364708419714",
"152955050723471843242357227341147552929",
"211557151857904349972064370027057205627",
"57548714762238526525360210889620021594",
"184806409170713981761749669364018201916",
"38118116704580477249120830512208909021",
"83241883956933913414736731523810173464",
"175766440334728265578738781158110486513",
"36406358116883541195996368638853416242",
"116407740569126125838587320801874594716",
"233217937272850647061330435860862742828",
"4589800041346265903675128032475247703",
"79018805468961241566761878703444233068",
"281519301153537763271637722339762352408",
"32225114521461809360822447301266951842",
"137384409615329759587724928428268012128"
]
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/JdkZlibDecoder.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-38b8b12b",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "205641234953711698739466724074371077490",
"length": 163.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/BrotliDecoder.java",
"function": "pull"
},
"signature_version": "v1",
"id": "CVE-2025-58057-3f54bf51",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"49847817752980390114868309661774052838",
"247136685600072752434569622639393744589",
"297665971171062092428671293292229051223",
"261786752031115732091528522126321145340",
"112760020041920330585826881545223646921",
"88663155210984623319082725582783668998",
"202427746593638031048898806860733346739",
"154693959272804258072828848682895179024",
"208708129810335188693945886836075104513",
"314616058756422871602338084242212966988",
"161489160701894446524566094198784409506",
"15315161938392534846411764561621872391",
"156091823511097273030707436649025668722",
"136343332430646182335199928944997775483",
"203190615180437640204669220955022912812",
"307100665847233921646166764896057653473",
"99135144399207307535899705024368715842",
"281173332970523153265075380022509406332",
"323471927659561631090975856728510587190",
"68687081297252247930754738873249225204",
"26846269681070865326126372354044431665",
"211410433021273537135636982233128610491",
"122731142986021212889975755983873842316",
"328981638425864322247370136734056666573",
"259187029435264779432271652323054017922",
"60472050980299936312125571869463818071",
"154451069918709973205475399242615606777",
"65624477096356351864424664337367656262",
"100006568847025823323627660687632588203",
"45682054741040103754972415288494218143",
"108849948383403544364772203124624478793",
"141296195622195835001673824244970922185",
"61380375999545417786736989755609735524",
"289578555019488362799239966690349487079",
"233873845007413007516865680554093817586",
"255168315020467284082124030441934821348",
"286512030713876855901521463331505911824",
"156133741320661687838986233864663159422",
"292234888041445291042227795298524063536",
"233174043481174037269594435620941928675",
"330734752664744953811371839480635093123",
"221035184104252895501669292436103831237",
"296611773384486857048605100014205108300",
"144478476891657371162697086420926114618",
"203274384903160462289652955667936585091",
"318787209961357938649277963720559210188",
"52209314947253647881786059301833187101",
"78316631650311589167550029212267772461",
"158846297976790447645038530865916512342",
"139393681925345799939249533575762177856",
"49508420078398760417283852714214248964",
"256981651022479207345357468390983289172",
"318371583715560226931183649855185859169",
"300129529147231413813844028679438170511",
"84303014803836146566705889661498236540",
"97577571385364650822233555707668973784",
"83458782044319653005750121270740337343",
"203861735462010345813828563560666821099",
"18186136727967416352378909674954444228",
"285804984454250651179264971869399763035",
"162351075810673874043153594363482205513",
"233765315769315969649420725407603245374",
"330136772381831706617647920779748149874",
"205713797064487798252090431890023052163",
"227920280408692458173008861373850713580",
"39321118997839994757415726572168548562",
"250126746691798888426775757829387588479",
"314010553127645543005234926760024459092",
"331841266528951280391386050804447329260",
"339709403062521269133818221287725206916",
"77901344641081813462671541027505255716",
"37913804701398038564259870378719357114",
"129799849301120242449089122172633265005",
"271757713861248487227494315421921476461",
"29857138614102619468263802253725397510",
"98453844651364641364221540163373547458",
"187995677738033607212035410726327277950",
"117371309006420738322061111209803198768",
"133085623216910322662150214839956273498",
"148319037118714419946403914563802202963",
"122125616748444092493625684605121868312",
"142317544570010483138646260417396823362",
"284533895064142388734023146868956407048",
"314275312419474316697701222760311712202",
"4806233168025239263176334139284775364",
"146404586370473236075709604640286316169",
"164255821738424178110053038833399725974",
"63302846460912190236719099730321635891",
"313381064420673299766963393429187329871",
"224763682325927105282555929224339038388",
"77867128558619736570404513750870952169",
"15453929459589908874038714840825573690",
"45209725589485597004820820805071953675",
"137688524761413122606453713966767300497",
"70644536210972687059763421283199932964",
"270946294604492378688860012608544954342",
"118925338780325078043680054512947064012",
"183037725950395973886931742363261553169",
"82493215396332949651488531870609197524",
"266418509176637968643966107437230501607"
]
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-40b05010",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "306142550942240689860119945137618547350",
"length": 766.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/ZstdDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-46d7ed8a",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "157022655508322336999011051184159893703",
"length": 615.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/BrotliDecoder.java",
"function": "decompress"
},
"signature_version": "v1",
"id": "CVE-2025-58057-53ccc46c",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "120133637039794245789121989849225524512",
"length": 2443.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-53f3a22d",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"326497635737594138726506207865574671822",
"240187244580503969239944819708348331336",
"207934682111169948569838227422052880096",
"214253089809270228383494721654543771650",
"19414580985528469303250024929107498977",
"61775311609683862587349208014860526607",
"92475712975278346844180365662696222761",
"200034894706187050982310534990007702028",
"134656109783084115965606108428400264678"
]
},
"target": {
"file": "codec-compression/src/test/java/io/netty/handler/codec/compression/AbstractIntegrationTest.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-5668f5c2",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"51287705268962105708065164103604460686",
"99098173747432587612112272108135297088",
"140288108570657360497118950666795161719",
"294773193171849401399795182878095291447",
"89459552054980669912192970888530479263",
"281114148932935269604948560364708419714",
"152955050723471843242357227341147552929",
"211557151857904349972064370027057205627",
"275610631174398885636184458049773265498",
"163491747466902960137267799189905711882",
"99669411913225124588462055415508229238",
"44572859061143012817343084592437342232",
"185930459157913346900340019262695644912",
"258609646858772264883512296916326062339",
"205983180142357371795666152480300674867",
"233217937272850647061330435860862742828",
"4589800041346265903675128032475247703",
"79018805468961241566761878703444233068",
"100597443016876687727004006087936272829",
"279717673262436060827843437195081551953",
"156240712997195933568202868411074031602",
"235428265765089159588818989847646407435"
]
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/JZlibDecoder.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-8da80079",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "94364127258995703861817147674144913070",
"length": 1519.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "onDataRead"
},
"signature_version": "v1",
"id": "CVE-2025-58057-9d4ea528",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "284570503232053425624677837458346481292",
"length": 205.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "nextReadableBuf"
},
"signature_version": "v1",
"id": "CVE-2025-58057-aee4e6b1",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"246746867144801723822021000495893078846",
"52735931890480528957565938716109722936",
"158009373995149593188908948409602991798",
"18643799530920095464822912716450487233",
"149781973992454070154212447101432611259",
"14567603969488849155134165721968666432",
"127045364687810616904293926535219992768",
"180126249790525556455765857590134067091",
"3303486786029340879765514926341891329",
"123777302438306466982384790088940787717",
"309571633725043986223662972585619693786",
"322967544796676632429971088372787834788",
"314174357326937300108886561337255597230",
"272078770204115530216988240296772106331",
"248457587009990963219983604683975493510",
"141781680126290176728177411981037462640",
"42175728779183215239986383807388375717",
"306856078048036734272950804165144663195",
"221527848662153185466621595985950610013",
"160475614912520958077907307513742679803",
"148030064345536543693042937815773074188",
"285989979206942732961356420569697215966",
"163945776351950060813029480660763140805",
"223762101345818892708028995707415566316",
"333002421379919517401611556642696449833",
"137288654637958078508804003478152603908",
"282374656775849025775845108243198371983",
"184840859726497817290661631290951087197",
"145119103076228360780412552422463820281",
"205740480170579548296625368420665564608",
"323709761407359622001475777319244605880",
"160316562034981742517910978554630276447",
"13606072055968513023178164503637981826",
"290465632119740270070795893590388783402",
"25371623665634777151395928293150596792",
"301043345182097780441854419382592831437"
]
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/BrotliDecoder.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-b675444c",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "17763830958181724816069573570587553732",
"length": 40.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "decompressor"
},
"signature_version": "v1",
"id": "CVE-2025-58057-b7504b2d",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"316665729182614767993164573447248334340",
"322560326491264177815222516428730136483",
"47019394391386047969331462269215006450",
"111181513458150177253306655494952685201",
"89986118796664824115153983354531740451",
"194815170588594434916487286416933956133",
"216128109764002663855362773794145077939",
"33522733243234075217136225454294422217",
"17316446052962568199519970784773603708"
]
},
"target": {
"file": "codec-http/src/test/java/io/netty/handler/codec/http/HttpContentDecompressorTest.java"
},
"signature_version": "v1",
"id": "CVE-2025-58057-c02ae112",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "96264874563170004092877696735623810673",
"length": 453.0
},
"target": {
"file": "codec-compression/src/main/java/io/netty/handler/codec/compression/BrotliDecoder.java",
"function": "decode"
},
"signature_version": "v1",
"id": "CVE-2025-58057-c2156e66",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "184015010100842026049568191315606194418",
"length": 397.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "decodeContent"
},
"signature_version": "v1",
"id": "CVE-2025-58057-c89873e6",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "191061042635499403767522126697732082226",
"length": 103.0
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecoder.java",
"function": "handlerAdded"
},
"signature_version": "v1",
"id": "CVE-2025-58057-c9daa209",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "84732250168648591649283770767316742401",
"length": 130.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "onStreamRemoved"
},
"signature_version": "v1",
"id": "CVE-2025-58057-caa54c01",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "253064833729149786296386610386187556537",
"length": 78.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "cleanup"
},
"signature_version": "v1",
"id": "CVE-2025-58057-cdedeb4c",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "7971369392726091110975216962366324015",
"length": 459.0
},
"target": {
"file": "codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java",
"function": "DelegatingDecompressorFrameListener"
},
"signature_version": "v1",
"id": "CVE-2025-58057-d29c3d30",
"deprecated": false,
"source": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
}
]