{"data":{"id":"ec384bf2-ffa9-41c8-94f0-99704bc8ec96","title":"GHSA-6ghj-frrj-jjj3: Netty has Unbounded Direct Memory Consumption in its RedisDecoder","summary":"Netty's RedisDecoder (a tool that reads Redis protocol messages) has a vulnerability where an attacker can send malformed Redis messages without proper line endings (`\\r\\n`) across multiple connections, causing the decoder to buffer data indefinitely and exhaust the server's direct memory pool (memory reserved for direct I/O operations), resulting in a DoS (denial of service) attack that prevents legitimate users from connecting.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-6ghj-frrj-jjj3","publishedAt":"2026-06-08T19:02:09.000Z","cveId":"CVE-2026-44890","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["io.netty:netty-codec-redis@<= 4.1.134.Final (fixed: 4.1.135.Final)","io.netty:netty-codec-redis@>= 4.2.0.Final, <= 4.2.14.Final (fixed: 4.2.15.Final)"],"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-08T19:02:09.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}