CVE-2016-4970 - handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allow

CVE-2016-4970

Summary

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

References

Vulnerable Configurations

cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.28:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.28:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.29:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.29:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.30:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.30:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.31:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.31:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.32:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.32:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.33:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.33:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.34:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.34:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.35:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.35:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.36:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.36:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release3:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release3:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release4:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release4:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release5:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release5:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release6:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release6:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release7:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:candidate_release7:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*
cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 14-02-2021 - 02:56)
Impact:
Exploitability:

CWE

CWE-835

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

redhat via4

advisories

rhsa
id RHSA-2017:0179
rhsa
id RHSA-2017:1097

refmap via4

bid	96540
confirm	http://netty.io/news/2016/06/07/4-0-37-Final.html http://netty.io/news/2016/06/07/4-1-1-Final.html https://bugzilla.redhat.com/show_bug.cgi?id=1343616 https://github.com/netty/netty/pull/5364 https://wiki.opendaylight.org/view/Security_Advisories
mlist	[cassandra-commits] 20191112 [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty

Last major update

14-02-2021 - 02:56

Published

13-04-2017 - 14:59

Last modified

14-02-2021 - 02:56