A high-severity vulnerability affecting netty-codec-stomp versions >= 4.2.0.Alpha1, <= 4.2.15.Final affecting netty-codec-stomp versions <= 4.1.135.Final, CVE-2026-44891 with a CVSS score of 7.5, affects servers exposing a STOMP endpoint based on StompSubframeDecoder, making them vulnerable to Denial of Service via unbounded headers. The flaw type is CWE-400 and CWE-770, which relate to buffer errors and resource management issues. An attacker can exploit this vulnerability by sending a large number of short headers in a single STOMP frame, causing an OutOfMemoryError and leading to a Denial of Service attack. This occurs because the StompSubframeDecoder component fails to limit the total number of headers or their cumulative size per frame. The business impact is significant, as it allows an attacker to easily exhaust the server's memory by sending a single malicious STOMP message, resulting in a DoS attack.
We recommend you to update io.netty:netty-codec-stomp to version 4.2.16.Final or 4.1.136.Final.[/subscribe_to_unlock_form]
A high-severity vulnerability affecting netty-codec-stomp versions >= 4.2.0.Alpha1, <= 4.2.15.Final affecting netty-codec-stomp versions <= 4.1.135.Final, CVE-2026-44891 with a CVSS score of 7.5, affects servers exposing a STOMP endpoint based on StompSubframeDecoder, making them vulnerable to Denial of Service via unbounded headers. The flaw type is CWE-400 and CWE-770, which relate to buffer errors and resource management issues. An attacker can exploit this vulnerability by sending a large number of short headers in a single STOMP frame, causing an OutOfMemoryError and leading to a Denial of Service attack. This occurs because the StompSubframeDecoder component fails to limit the total number of headers or their cumulative size per frame. The business impact is significant, as it allows an attacker to easily exhaust the server's memory by sending a single malicious STOMP message, resulting in a DoS attack.
We recommend you to update io.netty:netty-codec-stomp to version 4.2.16.Final or 4.1.136.Final.[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]