GHSA-5xrh-qmmq-w6ch

Source

https://github.com/advisories/GHSA-5xrh-qmmq-w6ch

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-5xrh-qmmq-w6ch/GHSA-5xrh-qmmq-w6ch.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5xrh-qmmq-w6ch

Aliases

CVE-2026-46340

Related

CGA-2764-7mmg-xgxx

Published

2026-06-08T23:02:33Z

Modified

2026-06-09T19:59:19.285823267Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Netty: SCTP reassembly nests buffers without bound

Details

For each non-complete SctpMessage fragment the handler does fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf)), wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding references and component arrays; readableBytes()/getBytes() on the final buffer recurse N levels. There is no limit on N, on total bytes, or on the number of streamIdentifiers an attacker can open (each gets its own map entry). A peer that never sets the complete flag can grow this structure indefinitely from tiny 1-byte DATA chunks.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-770"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-08T23:02:33Z"
}

References

Affected packages

Maven / io.netty:netty-transport-sctp

Package

Name: io.netty:netty-transport-sctp; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty-transport-sctp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0.Final

Fixed

4.2.15.Final

Affected versions

4.*

4.2.0.Final

4.2.1.Final

4.2.2.Final

4.2.3.Final

4.2.4.Final

4.2.5.Final

4.2.6.Final

4.2.7.Final

4.2.8.Final

4.2.9.Final

4.2.10.Final

4.2.11.Final

4.2.12.Final

4.2.13.Final

4.2.14.Final

Database specific

last_known_affected_version_range

"<= 4.2.14.Final"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-5xrh-qmmq-w6ch/GHSA-5xrh-qmmq-w6ch.json"

Maven / io.netty:netty-transport-sctp

Package

Name: io.netty:netty-transport-sctp; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty-transport-sctp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.135.Final

Affected versions

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.CR1

4.0.0.CR2

4.0.0.CR3

4.0.0.CR4

4.0.0.CR5

4.0.0.CR6

4.0.0.CR7

4.0.0.CR8

4.0.0.CR9

4.0.0.Final

4.0.1.Final

4.0.2.Final

4.0.3.Final

4.0.4.Final

4.0.5.Final

4.0.6.Final

4.0.7.Final

4.0.8.Final

4.0.9.Final

4.0.10.Final

4.0.11.Final

4.0.12.Final

4.0.13.Final

4.0.14.Beta1

4.0.14.Final

4.0.15.Final

4.0.16.Final

4.0.17.Final

4.0.18.Final

4.0.19.Final

4.0.20.Final

4.0.21.Final

4.0.22.Final

4.0.23.Final

4.0.24.Final

4.0.25.Final

4.0.26.Final

4.0.27.Final

4.0.28.Final

4.0.29.Final

4.0.30.Final

4.0.31.Final

4.0.32.Final

4.0.33.Final

4.0.34.Final

4.0.35.Final

4.0.36.Final

4.0.37.Final

4.0.38.Final

4.0.39.Final

4.0.40.Final

4.0.41.Final

4.0.42.Final

4.0.43.Final

4.0.44.Final

4.0.45.Final

4.0.46.Final

4.0.47.Final

4.0.48.Final

4.0.49.Final

4.0.50.Final

4.0.51.Final

4.0.52.Final

4.0.53.Final

4.0.54.Final

4.0.55.Final

4.0.56.Final

4.1.0.Beta1

4.1.0.Beta2

4.1.0.Beta3

4.1.0.Beta4

4.1.0.Beta5

4.1.0.Beta6

4.1.0.Beta7

4.1.0.Beta8

4.1.0.CR1

4.1.0.CR2

4.1.0.CR3

4.1.0.CR4

4.1.0.CR5

4.1.0.CR6

4.1.0.CR7

4.1.0.Final

4.1.1.Final

4.1.2.Final

4.1.3.Final

4.1.4.Final

4.1.5.Final

4.1.6.Final

4.1.7.Final

4.1.8.Final

4.1.9.Final

4.1.10.Final

4.1.11.Final

4.1.12.Final

4.1.13.Final

4.1.14.Final

4.1.15.Final

4.1.16.Final

4.1.17.Final

4.1.18.Final

4.1.19.Final

4.1.20.Final

4.1.21.Final

4.1.22.Final

4.1.23.Final

4.1.24.Final

4.1.25.Final

4.1.26.Final

4.1.27.Final

4.1.28.Final

4.1.29.Final

4.1.30.Final

4.1.31.Final

4.1.32.Final

4.1.33.Final

4.1.34.Final

4.1.35.Final

4.1.36.Final

4.1.37.Final

4.1.38.Final

4.1.39.Final

4.1.40.Final

4.1.41.Final

4.1.42.Final

4.1.43.Final

4.1.44.Final

4.1.45.Final

4.1.46.Final

4.1.47.Final

4.1.48.Final

4.1.49.Final

4.1.50.Final

4.1.51.Final

4.1.52.Final

4.1.53.Final

4.1.54.Final

4.1.55.Final

4.1.56.Final

4.1.57.Final

4.1.58.Final

4.1.59.Final

4.1.60.Final

4.1.61.Final

4.1.62.Final

4.1.63.Final

4.1.64.Final

4.1.65.Final

4.1.66.Final

4.1.67.Final

4.1.68.Final

4.1.69.Final

4.1.70.Final

4.1.71.Final

4.1.72.Final

4.1.73.Final

4.1.74.Final

4.1.75.Final

4.1.76.Final

4.1.77.Final

4.1.78.Final

4.1.79.Final

4.1.80.Final

4.1.81.Final

4.1.82.Final

4.1.83.Final

4.1.84.Final

4.1.85.Final

4.1.86.Final

4.1.87.Final

4.1.88.Final

4.1.89.Final

4.1.90.Final

4.1.91.Final

4.1.92.Final

4.1.93.Final

4.1.94.Final

4.1.95.Final

4.1.96.Final

4.1.97.Final

4.1.98.Final

4.1.99.Final

4.1.100.Final

4.1.101.Final

4.1.102.Final

4.1.103.Final

4.1.104.Final

4.1.105.Final

4.1.106.Final

4.1.107.Final

4.1.108.Final

4.1.109.Final

4.1.110.Final

4.1.111.Final

4.1.112.Final

4.1.113.Final

4.1.114.Final

4.1.115.Final

4.1.116.Final

4.1.117.Final

4.1.118.Final

4.1.119.Final

4.1.120.Final

4.1.121.Final

4.1.122.Final

4.1.123.Final

4.1.124.Final

4.1.125.Final

4.1.126.Final

4.1.127.Final

4.1.128.Final

4.1.129.Final

4.1.130.Final

4.1.131.Final

4.1.132.Final

4.1.133.Final

4.1.134.Final

Database specific

last_known_affected_version_range

"<= 4.1.134.Final"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-5xrh-qmmq-w6ch/GHSA-5xrh-qmmq-w6ch.json"