{"data":{"id":"37e60c48-da58-4df2-af57-8d448fd7a7b2","title":"GHSA-5w86-c3rq-vjj7: Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length","summary":"Netty's RedisArrayAggregator has a vulnerability where it pre-allocates memory (reserves space in a data structure) based on array sizes claimed in incoming messages, without checking if those sizes are reasonable. An attacker can send a message claiming an extremely large array size, causing the system to try reserving huge amounts of memory and crash or become unresponsive, even though they don't send the actual array data.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5w86-c3rq-vjj7","publishedAt":"2026-06-15T20:46:16.000Z","cveId":"CVE-2026-50011","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["io.netty:netty-codec-redis@<= 4.1.134.Final (fixed: 4.1.135.Final)","io.netty:netty-codec-redis@>= 4.2.0.Final, <= 4.2.14.Final (fixed: 4.2.15.Final)"],"affectedVendors":[],"affectedVendorsRaw":["Netty"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00335,"patchAvailable":true,"disclosureDate":"2026-06-15T20:46:16.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}