handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
References
Link | Resource |
---|---|
http://netty.io/news/2016/06/07/4-0-37-Final.html | Release Notes Vendor Advisory |
http://netty.io/news/2016/06/07/4-1-1-Final.html | Release Notes Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2017-0179.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2017-1097.html | Third Party Advisory |
http://www.securityfocus.com/bid/96540 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1343616 | Issue Tracking Third Party Advisory VDB Entry |
https://github.com/netty/netty/pull/5364 | Patch Third Party Advisory |
https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E | |
https://wiki.opendaylight.org/view/Security_Advisories | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Feb 2021, 02:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.34:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.31:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.28:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.32:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.36:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.30:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.33:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.29:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.35:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:* |
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:* cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0179.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-1097.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://netty.io/news/2016/06/07/4-0-37-Final.html - Release Notes, Vendor Advisory | |
CWE | CWE-835 |
09 Feb 2021, 23:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netty:netty:4.1.0:*:*:*:*:*:*:* |
Information
Published : 2017-04-13 14:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-4970
Mitre link : CVE-2016-4970
CVE.ORG link : CVE-2016-4970
JSON object : View
Products Affected
redhat
- jboss_middleware_text-only_advisories
- jboss_data_grid
apache
- cassandra
netty
- netty
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')