Description
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
References (9)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96540
Patch, Third Party Advisory x_refsource_confirm
https://github.com/netty/netty/pull/5364
Third Party Advisory x_refsource_confirm
https://wiki.opendaylight.org/view/Security_Advisories
Release Notes, Vendor Advisory x_refsource_confirm
http://netty.io/news/2016/06/07/4-0-37-Final.html
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1343616
Mailing List mailing-list x_refsource_mlist
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0179.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-1097.html
Release Notes, Vendor Advisory x_refsource_confirm
http://netty.io/news/2016/06/07/4-1-1-Final.html
Scores
CVSS v3
7.5
EPSS
0.0823
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (5)
apache/cassandra
3.11.4
io.netty/netty-handler
4.0.0.Alpha1 - 4.0.37.Final (Maven)
netty/netty
4.0.20 - 4.0.37
redhat/jboss_data_grid
7.1
redhat/jboss_middleware_text-only_advisories
1.0
Published
Apr 13, 2017
Tracked Since
Feb 18, 2026