CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Published: Apr 13, 2017
Updated: Nov 8, 2023
CVE: CVE-2016-4970
GHSA: GHSA-rv63-gqm8-9w8q
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
netty / netty	4.0.20	4.0.37
netty / netty	4.1.0	4.1.1
redhat / jboss_data_grid	7.1	7.1.x
redhat / jboss_middleware_text-only_advisories	1.0	1.0.x
apache / cassandra	3.11.4	3.11.4.x
io.netty / netty-all	4.0.0	4.0.37
io.netty / netty-all	4.1.0.Beta1	4.1.1

http://netty.io/news/2016/06/07/4-0-37-Final.html
http://netty.io/news/2016/06/07/4-1-1-Final.html
http://rhn.redhat.com/errata/RHSA-2017-0179.html
http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/96540
https://bugzilla.redhat.com/show_bug.cgi?id=1343616
https://github.com/netty/netty/pull/5364
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E
https://wiki.opendaylight.org/view/Security_Advisories

Vulnerability Database

289,599

CVE-2016-4970