Denial of service in Netty · CVE-2014-3488 · GitHub Advisory Database · GitHub

Denial of service in Netty

Moderate severity GitHub Reviewed Published Jun 30, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

io.netty:netty-handler (Maven)

Affected versions

< 3.9.2

Patched versions

3.9.2

Description

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

References

Reviewed Jun 30, 2020

Published to the GitHub Advisory Database Jun 30, 2020

Last updated Jan 9, 2023