CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://netty.io/news/2016/06/07/4-0-37-Final.html	Release Notes Vendor Advisory
http://netty.io/news/2016/06/07/4-1-1-Final.html	Release Notes Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0179.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1097.html	Third Party Advisory
http://www.securityfocus.com/bid/96540	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343616	Issue Tracking Third Party Advisory VDB Entry
https://github.com/netty/netty/pull/5364	Patch Third Party Advisory
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E
https://wiki.opendaylight.org/view/Security_Advisories	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netty:netty::::::::
	cpe:2.3:a:netty:netty::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:jboss_data_grid:7.1:::::::*
	cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:::::middleware::

Configuration 3 (hide)

cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:*

History

07 Nov 2023, 02:32

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E', 'name': '[cassandra-commits] 20191112 [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E -

14 Feb 2021, 02:56

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netty:netty:4.0.18:::::::* cpe:2.3:a:netty:netty:4.0.0:::::::* cpe:2.3:a:netty:netty:4.0.8:::::::* cpe:2.3:a:netty:netty:4.0.17:::::::* cpe:2.3:a:netty:netty:4.0.25:::::::* cpe:2.3:a:netty:netty:4.0.14:::::::* cpe:2.3:a:netty:netty:4.0.5:::::::* cpe:2.3:a:netty:netty:4.1.0:::::::* cpe:2.3:a:netty:netty:4.0.12:::::::* cpe:2.3:a:netty:netty:4.0.19:::::::* cpe:2.3:a:netty:netty:4.0.22:::::::* cpe:2.3:a:netty:netty:4.0.27:::::::* cpe:2.3:a:netty:netty:4.0.4:::::::* cpe:2.3:a:netty:netty:4.0.6:::::::* cpe:2.3:a:netty:netty:4.0.2:::::::* cpe:2.3:a:netty:netty:4.0.10:::::::* cpe:2.3:a:netty:netty:4.0.26:::::::* cpe:2.3:a:netty:netty:4.0.9:::::::* cpe:2.3:a:netty:netty:4.0.34:::::::* cpe:2.3:a:netty:netty:4.0.1:::::::* cpe:2.3:a:netty:netty:4.0.16:::::::* cpe:2.3:a:netty:netty:4.0.23:::::::* cpe:2.3:a:netty:netty:4.0.31:::::::* cpe:2.3:a:netty:netty:4.0.11:::::::* cpe:2.3:a:netty:netty:4.0.24:::::::* cpe:2.3:a:netty:netty:4.0.28:::::::* cpe:2.3:a:netty:netty:4.0.32:::::::* cpe:2.3:a:netty:netty:4.0.20:::::::* cpe:2.3:a:netty:netty:4.0.13:::::::* cpe:2.3:a:netty:netty:4.0.36:::::::* cpe:2.3:a:netty:netty:4.0.30:::::::* cpe:2.3:a:netty:netty:4.0.3:::::::* cpe:2.3:a:netty:netty:4.0.33:::::::* cpe:2.3:a:netty:netty:4.0.29:::::::* cpe:2.3:a:netty:netty:4.0.15:::::::* cpe:2.3:a:netty:netty:4.0.7:::::::* cpe:2.3:a:netty:netty:4.0.35:::::::* cpe:2.3:a:netty:netty:4.0.21:::::::*	cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:::::middleware:: cpe:2.3:a:apache:cassandra:3.11.4:::::::* cpe:2.3:a:redhat:jboss_data_grid:7.1:::::::* cpe:2.3:a:netty:netty::::::::
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0179.html -~~	(REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0179.html - Third Party Advisory
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2017-1097.html -~~	(REDHAT) http://rhn.redhat.com/errata/RHSA-2017-1097.html - Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E - Mailing List, Third Party Advisory
References	~~(CONFIRM) http://netty.io/news/2016/06/07/4-0-37-Final.html -~~	(CONFIRM) http://netty.io/news/2016/06/07/4-0-37-Final.html - Release Notes, Vendor Advisory
CWE	~~NVD-CWE-Other~~	CWE-835

09 Feb 2021, 23:24

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netty:netty:4.1:::::::*	cpe:2.3:a:netty:netty:4.1.0:::::::*

Information

Published : 2017-04-13 14:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-4970

Mitre link : CVE-2016-4970

CVE.ORG link : CVE-2016-4970

JSON object : View

Products Affected

redhat

jboss_middleware_text-only_advisories
jboss_data_grid

apache

cassandra

netty

netty

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2016-4970

7.5^/10

7.8^/10

Attach tags to `CVE-2016-4970`