GHSA-3244-j874-rhc2: Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
Summary
An attacker can crash a server using Netty (a networking library) by sending a malicious Redis message (a command sent to a Redis database) with deeply nested arrays. The RedisArrayAggregator component doesn't limit how many array layers it accepts, so an attacker can send thousands of nested arrays that force the server to create so many state objects that it runs out of memory and crashes.
Vulnerability Details
EPSS: 0.0%
Yes
June 8, 2026
Classification
Affected Packages
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://github.com/advisories/GHSA-3244-j874-rhc2
First tracked: June 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%