CVE-2014-3488

Netty < 3.9.2 - Denial of Service via SSLv2Hello Message

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-3488. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: This repository contains a partial snapshot of the Netty project source code but lacks any exploit code or technical analysis related to CVE-2014-3488. It appears to be a placeholder or incomplete repository.

Description

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Exploits (2)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2014-3488-netty-vulnerable

This repository contains a partial snapshot of the Netty project source code but lacks any exploit code or technical analysis related to CVE-2014-3488. It appears to be a placeholder or incomplete repository.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Netty (version not specified)
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2014-3488-netty-vulnerable

This repository contains a vulnerable version of Netty (3.x) that demonstrates CVE-2014-3488, a deserialization vulnerability in Netty's HTTP decoder. The code includes the full Netty framework with the vulnerable components, allowing researchers to test and verify the exploit.

Classification: Working PoC 90%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Netty 3.x
No auth needed
Prerequisites: Network access to a vulnerable Netty server · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Vendor Advisory x_refsource_confirm
http://netty.io/news/2014/06/11/3-9-2-Final.html
Exploit, Patch x_refsource_confirm
https://github.com/netty/netty/issues/2562
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59196
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

Scores

EPSS 0.0064
EPSS Percentile 71.1%

Details

CWE: CWE-119
Status: published
Products (16)
io.netty/netty-handler 0 - 3.9.2 (Maven)
netty/netty 3.6.0
netty/netty 3.6.1
netty/netty 3.6.2
netty/netty 3.6.3
netty/netty 3.6.4
netty/netty 3.6.5
netty/netty 3.6.6
netty/netty 3.6.7
netty/netty 3.6.8
... and 6 more
Published Jul 31, 2014
Tracked Since Feb 18, 2026