### SummaryAn unsafe reading of environment file could potentially cause a denial of service in Netty.When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.### DetailsA similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rvThis issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.### PoCThe PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character.### ImpactImpact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv