HIGH
GHSA-h2qv-fj59-j46j
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
Details
### Impact

The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path — no exception is thrown, the message fires downstream, the decoder removes itself, and the application releases the `HAProxyMessage` normally. Yet the underlying cumulation buffer (a pooled, potentially direct `ByteBuf` allocated by the channel) remains permanently pinned.
Affected packages

Maven / io.netty:netty-codec-haproxy
- Introduced in: 4.2.0.Final
- Fixed in: 4.2.15.Final
- Fix: `# pom.xml: bump <version>4.2.15.Final</version> for io.netty:netty-codec-haproxy`

Maven / io.netty:netty-codec-haproxy
- Introduced in: 0
- Fixed in: 4.1.135.Final
- Fix: `# pom.xml: bump <version>4.1.135.Final</version> for io.netty:netty-codec-haproxy`
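
One way to check a build against the two affected ranges listed above, as an added example that is not part of the advisory or the netty project: it scans `mvn dependency:tree` output for the artifact and reports the fixed release to move to. The function names and the sample tree are constructed for illustration, and version qualifiers are ignored as a stated assumption.

```python
import re

ARTIFACT = "io.netty:netty-codec-haproxy"
# (introduced, fixed, fixed release) from the advisory; "0" means every earlier release.
AFFECTED = [
    ((0,), (4, 1, 135), "4.1.135.Final"),
    ((4, 2, 0), (4, 2, 15), "4.2.15.Final"),
]

def parse_version(version):
    """Numeric major.minor.patch of a netty version such as '4.1.100.Final'.
    Assumption: the qualifier is ignored, so pre-release builds compare as the release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part) for part in m.groups())

def fixed_in(version):
    """Return the fixed release to move to, or None if the version is not affected."""
    v = parse_version(version)
    for introduced, fixed, fixed_str in AFFECTED:
        if introduced <= v < fixed:
            return fixed_str
    return None

def scan(tree_text):
    """Find the artifact in `mvn dependency:tree` output; return [(version, fix or None)]."""
    findings = []
    for line in tree_text.splitlines():
        for token in line.split():
            if not token.startswith(ARTIFACT + ":"):
                continue
            fields = token.split(":")  # group:artifact:type[:classifier]:version:scope
            if len(fields) >= 5:
                findings.append((fields[-2], fixed_in(fields[-2])))
    return findings

# Constructed sample output, not taken from a real project.
SAMPLE_TREE = r"""
[INFO] com.example:gateway:jar:1.0.0
[INFO] +- io.netty:netty-codec-haproxy:jar:4.1.100.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.100.Final:compile
[INFO] \- com.example:edge:jar:2.3.0:compile
[INFO]    \- io.netty:netty-codec-haproxy:jar:4.2.3.Final:runtime
"""

if __name__ == "__main__":
    for version, fix in scan(SAMPLE_TREE):
        print(version, "affected, upgrade to " + fix if fix else "not affected")
```

Because the artifact usually arrives transitively, run the scan over the full resolved tree of each deployable module rather than over the direct dependencies in `pom.xml`.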