25 matches found
CVE-2023-34462
CVE-2023-34462 affects Netty SniHandler: during TLS handshake, it can allocate up to 16 MB of heap per channel (ByteBuf from ClientHello) if no idle timeout is set, enabling a crafted ClientHello to trigger memory growth and DoS. The issue is fixed in Netty 4.1.94.Final. Remediation: upgrade Nett...
CVE-2023-34462 netty-handler SniHandler 16MB allocation
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...
CVE-2023-34462 netty-handler SniHandler 16MB allocation
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...
netty-handler SniHandler 16MB allocation
Summary The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. Details The SniHandler class is a handler that waits...
GHSA-6MJQ-H674-J845 netty-handler SniHandler 16MB allocation
Summary The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. Details The SniHandler class is a handler that waits...