{"data":{"id":"d1325f0b-5214-4763-a8cc-ffe2027fef26","title":"GHSA-6jv9-x5w9-2ccm: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator","summary":"Netty's RedisArrayAggregator handler has a bug where it leaks pooled direct-memory buffers (reusable chunks of memory managed by the JVM) when a Redis pipeline connection closes before finishing. The handler doesn't clean up its internal state properly, so buffers can't be returned to the shared memory pool, and repeated connection closures eventually cause all network operations in the program to fail due to memory exhaustion.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-6jv9-x5w9-2ccm","publishedAt":"2026-06-11T13:26:06.000Z","cveId":"CVE-2026-48006","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["io.netty:netty-codec-redis@<= 4.1.134.Final (fixed: 4.1.135.Final)","io.netty:netty-codec-redis@>= 4.2.0.Final, <= 4.2.14.Final (fixed: 4.2.15.Final)"],"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-11T13:26:06.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}