CVE-2016-4970

Опубликовано: 13 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Комментарий

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Ссылки

http://netty.io/news/2016/06/07/4-0-37-Final.html
Release Notes
Vendor Advisory
http://netty.io/news/2016/06/07/4-1-1-Final.html
Release Notes
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0179.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1097.html
Third Party Advisory
http://www.securityfocus.com/bid/96540
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343616
Issue Tracking
Third Party Advisory
VDB Entry
https://github.com/netty/netty/pull/5364
Patch
Third Party Advisory
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E
https://wiki.opendaylight.org/view/Security_Advisories
Third Party Advisory
http://netty.io/news/2016/06/07/4-0-37-Final.html
Release Notes
Vendor Advisory
http://netty.io/news/2016/06/07/4-1-1-Final.html
Release Notes
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0179.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1097.html
Third Party Advisory
http://www.securityfocus.com/bid/96540
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343616
Issue Tracking
Third Party Advisory
VDB Entry
https://github.com/netty/netty/pull/5364
Patch
Third Party Advisory
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E
https://wiki.opendaylight.org/view/Security_Advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*

Версия от 4.0.20 (включая) до 4.0.37 (исключая)

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 4.1.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*

Конфигурация 3

cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0823

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2016-4970

CVSS3: 7.5

ubuntu

почти 9 лет назад

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CVE-2016-4970

CVSS3: 3.7

redhat

больше 9 лет назад

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CVE-2016-4970

CVSS3: 7.5

debian

почти 9 лет назад

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and ...

GHSA-rv63-gqm8-9w8q

CVSS3: 7.5

github

больше 3 лет назад

Loop with Unreachable Exit Condition in Netty

EPSS

Процентиль: 92%

0.0823

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-835