Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2014-3488
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
| Software | From | Fixed in |
|---|---|---|
| netty / netty | 3.6.1 | 3.6.1.x |
| netty / netty | 3.6.2 | 3.6.2.x |
| netty / netty | 3.6.3 | 3.6.3.x |
| netty / netty | 3.6.4 | 3.6.4.x |
| netty / netty | 3.6.5 | 3.6.5.x |
| netty / netty | 3.6.6 | 3.6.6.x |
| netty / netty | 3.6.7 | 3.6.7.x |
| netty / netty | 3.6.8 | 3.6.8.x |
| netty / netty | 3.7.0 | 3.7.0.x |
| netty / netty | 3.8.0 | 3.8.0.x |
| netty / netty | 3.8.1 | 3.8.1.x |
| netty / netty | 3.9.0 | 3.9.0.x |
| netty / netty | 3.9.1 | 3.9.1.x |
| netty / netty | 3.6.0 | 3.6.0.x |
| netty / netty | - | 3.9.1.1.x |
io.netty / netty-handler
|
- | 3.9.2 |
- http://netty.io/news/2014/06/11/3-9-2-Final.html
- http://secunia.com/advisories/59196
- https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994
- https://github.com/netty/netty/issues/2562
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSNETTY-31630