Описание
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | netty | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | netty | Not affected | ||
| Red Hat JBoss BRMS 6 | netty | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | netty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | netty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | netty | Not affected | ||
| Red Hat JBoss Fuse 6 | camel | Affected | ||
| Red Hat JBoss Fuse Service Works 6 | netty | Not affected | ||
| Red Hat JBoss Operations Network 3 | netty | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | netty | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1343616netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
3.7 Low
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 9 лет назад
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
CVSS3: 7.5
nvd
почти 9 лет назад
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
CVSS3: 7.5
debian
почти 9 лет назад
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and ...
3.7 Low
CVSS3
4.3 Medium
CVSS2