GHSA-6jv9-x5w9-2ccm: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
Summary
Netty's RedisArrayAggregator handler has a bug where it leaks pooled direct-memory buffers (reusable chunks of memory managed by the JVM) when a Redis pipeline connection closes before finishing. The handler doesn't clean up its internal state properly, so buffers can't be returned to the shared memory pool, and repeated connection closures eventually cause all network operations in the program to fail due to memory exhaustion.
Vulnerability Details
EPSS: 0.0%
Yes
June 11, 2026
Classification
Affected Packages
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://github.com/advisories/GHSA-6jv9-x5w9-2ccm
First tracked: June 11, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%