SUSE CVE-2025-24970

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

CVE-2025-24970

A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVE-2025-24970

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

CVE-2025-24970

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

CVE-2025-24970 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

CVE-2025-24970

CVE-2025-24970 (Netty) affects Netty 4.1.91.Final through 4.1.118.Final. A crafted packet via SslHandler can fail validation, causing a native crash. A patch exists in 4.1.118.Final. Workarounds include disabling the native SSLEngine or applying code-level changes as noted by advisories. IBM bull...

CVE-2025-24970 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

GHSA-4G8C-WM8X-JFHW SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Impact When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Workarounds As workaround its possible to either disable the usage of the native SSLEngine or changing the code from: SslContext...

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Impact When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Workarounds As workaround its possible to either disable the usage of the native SSLEngine or changing the code from: SslContext...

Netty 输入验证错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. An input validation error vulnerability exists in Netty versions 4.1.91.Final through prior to 4.1.118.Final, which stems from...

CVE-2023-34462

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...

Denial of service in Netty

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

GHSA-9959-6P3M-WXPC Denial of service in Netty

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

[SECURITY] [DLA 2110-1] netty-3.9 security update

Package : netty-3.9 Version : 3.9.0.Final-1+deb8u1 CVE ID : CVE-2014-0193 CVE-2014-3488 CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 Debian Bug : 746639 941266 950966 950967 Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework: CVE-2014-0193...

CVE-2014-3488

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

CVE-2014-3488

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

Design/Logic Flaw

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

CVE-2014-3488

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

CVE-2014-3488

Netty CVE-2014-3488: The SslHandler in Netty before 3.9.2 is vulnerable to a remote DoS via a crafted SSLv2Hello message that can cause an infinite loop and high CPU usage. Affected are Netty 3.9.x predecessors up to 3.9.2. Remediation: upgrade to Netty 3.9.2.Final or later (as noted in advisorie...

CVE-2014-3488

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...