UBUNTU-CVE-2026-46340

Source
https://ubuntu.com/security/CVE-2026-46340
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-46340
Upstream
Published
2026-06-12T15:16:00Z
Modified
2026-06-30T18:17:41.451326688Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf)), wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding references and component arrays; readableBytes()/getBytes() on the final buffer recurse N levels. There is no limit on N, on total bytes, or on the number of streamIdentifiers an attacker can open (each gets its own map entry). A peer that never sets the complete flag can grow this structure indefinitely from tiny 1-byte DATA chunks. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

References

Affected packages

Ubuntu:25.10
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.48-10
1:4.1.48-10ubuntu0.25.10.1
1:4.1.48-10ubuntu0.25.10.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.48-10ubuntu0.25.10.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:14.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*
1:3.2.6.Final-2
1:3.2.6.Final-2+deb8u2build0.14.04.1~esm1
1:3.2.6.Final-2+deb8u2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:3.2.6.Final-2+deb8u2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:16.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps-legacy%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*
1:3.2.6.Final-2
1:4.*
1:4.0.32-1
1:4.0.33-1
1:4.0.34-1
1:4.0.34-1ubuntu0.1~esm1
1:4.0.34-1ubuntu0.1~esm2
1:4.0.34-1ubuntu0.1~esm3
1:4.0.34-1ubuntu0.1~esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.0.34-1ubuntu0.1~esm4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:18.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.7-4
1:4.1.7-4ubuntu0.1~esm1
1:4.1.7-4ubuntu0.1
1:4.1.7-4ubuntu0.1+esm1
1:4.1.7-4ubuntu0.1+esm2
1:4.1.7-4ubuntu0.1+esm3
1:4.1.7-4ubuntu0.1+esm4
1:4.1.7-4ubuntu0.1+esm5
1:4.1.7-4ubuntu0.1+esm6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.7-4ubuntu0.1+esm6"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:20.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.33-1
1:4.1.33-2
1:4.1.33-3
1:4.1.45-1
1:4.1.45-1ubuntu0.1~esm1
1:4.1.45-1ubuntu0.1~esm2
1:4.1.45-1ubuntu0.1~esm3
1:4.1.45-1ubuntu0.1~esm4
1:4.1.45-1ubuntu0.1~esm6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.45-1ubuntu0.1~esm6"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:22.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.48-4
1:4.1.48-4+deb11u1build0.22.04.1
1:4.1.48-4+deb11u2build0.22.04.1
1:4.1.48-4+deb11u2ubuntu0.1~esm1
1:4.1.48-4+deb11u2ubuntu0.1~esm2
1:4.1.48-4+deb11u2ubuntu0.1
1:4.1.48-4+deb11u2ubuntu0.1+esm1
1:4.1.48-4+deb11u2ubuntu0.1+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.48-4+deb11u2ubuntu0.1+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:24.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.48-7
1:4.1.48-8
1:4.1.48-9
1:4.1.48-9ubuntu0.1~esm1
1:4.1.48-9ubuntu0.1~esm2
1:4.1.48-9ubuntu0.1
1:4.1.48-9ubuntu0.1+esm1
1:4.1.48-9ubuntu0.1+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.48-9ubuntu0.1+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"
Ubuntu:Pro:26.04:LTS
netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.1.48-10
1:4.1.48-11
1:4.1.48-12
1:4.1.48-13
1:4.1.48-14
1:4.1.48-16
1:4.1.48-16ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-buffer-java",
            "binary_version": "1:4.1.48-16ubuntu0.1~esm2"
        },
        {
            "binary_name": "libnetty-common-java",
            "binary_version": "1:4.1.48-16ubuntu0.1~esm2"
        },
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.48-16ubuntu0.1~esm2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46340.json"