Podatność CVE-2016-4970


Publikacja: 2017-04-13

Opis:
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Typ:

CWE-Other

Producent: Netty project
Produkt: Netty 
Wersje:
4.1.1
4.1
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.37
4.0.36
4.0.35
4.0.34
4.0.33
4.0.32
4.0.31
4.0.30
4.0.3
4.0.29
4.0.28
4.0.27
4.0.26
4.0.25
4.0.24
4.0.23
4.0.22
4.0.21
4.0.20
4.0.2
4.0.19
4.0.18
4.0.17
4.0.16
4.0.15
4.0.14
4.0.13
4.0.12
4.0.11
4.0.10
4.0.1
4.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.8/10
6.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Pełny

 Referencje:
http://netty.io/news/2016/06/07/4-0-37-Final.html
http://netty.io/news/2016/06/07/4-1-1-Final.html
http://rhn.redhat.com/errata/RHSA-2017-0179.html
http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/96540
https://bugzilla.redhat.com/show_bug.cgi?id=1343616
https://github.com/netty/netty/pull/5364
https://wiki.opendaylight.org/view/Security_Advisories

Podobne CVE
CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by ...
CVE-2014-3488
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
CVE-2014-0193
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a ...

Copyright 2019, cxsecurity.com

 

Back to Top