Netty
CVE-2014-3488
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
AnalysisAI
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message. Affected products include: Netty. Version information: before 3.9.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final
Denial of service in the Netty HTTP/3 codec (io.netty:netty-codec-http3) prior to version 4.2.15.Final allows remote una
Denial of service in Netty's io.netty:netty-codec-redis component (prior to 4.1.135.Final and 4.2.15.Final) allows remot
Netty project is an event-driven asynchronous network application framework. Rated high severity (CVSS 7.5), this vulner
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Tr
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan
Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vuln
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan
Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable h
Same weakness CWE-119 – Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today