Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-24970

Опубликовано: 10 фев. 2025
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Ссылки

EPSS

Процентиль: 33%
0.00124
Низкий

7.5 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2025-24970

CVSS3: 7.5
ubuntu
4 месяца назад

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

redhat логотип

CVE-2025-24970

CVSS3: 7.5
redhat
4 месяца назад

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

debian логотип

CVE-2025-24970

CVSS3: 7.5
debian
4 месяца назад

Netty, an asynchronous, event-driven network application framework, ha ...

github логотип

GHSA-4g8c-wm8x-jfhw

CVSS3: 7.5
github
4 месяца назад

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

fstec логотип

BDU:2025-03389

CVSS3: 7.5
fstec
4 месяца назад

Уязвимость сетевого программного средства Netty, связанная с неправильной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 33%
0.00124
Низкий

7.5 High

CVSS3

Дефекты

CWE-20