Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-13T18:01:52 netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CWE-1286

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.

This is an Important integrity flaw in Netty's DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec. Cryostat 4 Under investigation netty-codec-dns OpenShift Serverless Under investigation openshift-serverless-1/kn-ekb-dispatcher-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-ekb-receiver-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9 Red Hat build of Apache Camel 4 for Quarkus 3 Under investigation netty-codec-dns Red Hat build of Apache Camel for Spring Boot 4 Under investigation netty-codec-dns Red Hat build of Apicurio Registry 2 Under investigation netty-codec-dns Red Hat build of Apicurio Registry 3 Under investigation netty-codec-dns Red Hat build of Debezium 3 Under investigation netty-codec-dns Red Hat Build of Keycloak Under investigation netty-codec-dns Red Hat Build of Keycloak Under investigation rhbk/keycloak-rhel9 Red Hat Build of Keycloak Under investigation rhbk/keycloak-rhel9-operator Red Hat Build of Keycloak Under investigation rhbk-openshift-rhel9/rhbk-openshift-rhel9 Red Hat Build of Keycloak Under investigation rhbk-rhel9-operator/rhbk-rhel9-operator Red Hat build of OptaPlanner 8 Under investigation netty-codec-dns Red Hat build of Quarkus Under investigation netty-codec-dns Red Hat Data Grid 8 Under investigation netty-codec-dns Red Hat Enterprise Linux AI (RHEL AI) 3 Under investigation bazel7 Red Hat Enterprise Linux AI (RHEL AI) 3 Under investigation bazel8 Red Hat Fuse 7 Under investigation netty-codec-dns Red Hat JBoss Enterprise Application Platform 7 Under investigation netty-codec-dns Red Hat JBoss Enterprise Application Platform 8 Under investigation netty-codec-dns Red Hat JBoss Enterprise Application Platform Expansion Pack Under investigation netty-codec-dns Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-spark-operator-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cpu-torch210-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cpu-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cuda130-torch210-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cuda130-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-rocm64-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-trustyai-service-rhel8 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-trustyai-service-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/multicluster-redirector-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/openvsx-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/pluginregistry-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/server-rhel9 Red Hat Process Automation 7 Under investigation netty-codec-dns Red Hat Single Sign-On 7 Under investigation netty-codec-dns streams for Apache Kafka 2 Not affected netty-codec-dns streams for Apache Kafka 3 Under investigation netty-codec-dns https://www.cve.org/CVERecord?id=CVE-2026-42579 https://nvd.nist.gov/vuln/detail/CVE-2026-42579 https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm