{"data":{"id":"a90432ad-a60b-4745-895a-17c783292bb8","title":"GHSA-3244-j874-rhc2: Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays","summary":"An attacker can crash a server using Netty (a networking library) by sending a malicious Redis message (a command sent to a Redis database) with deeply nested arrays. The RedisArrayAggregator component doesn't limit how many array layers it accepts, so an attacker can send thousands of nested arrays that force the server to create so many state objects that it runs out of memory and crashes.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-3244-j874-rhc2","publishedAt":"2026-06-08T19:01:52.000Z","cveId":"CVE-2026-44250","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["io.netty:netty-codec-redis@<= 4.1.134.Final (fixed: 4.1.135.Final)","io.netty:netty-codec-redis@>= 4.2.0.Final, <= 4.2.14.Final (fixed: 4.2.15.Final)"],"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-08T19:01:52.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}