CVE-2014-3488

CVSS v2.0 5 (Medium)

EPSS 1.12 % (85^th)

Affected Products 1

Advisories 1

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-07-31 14:55:02
(10 years ago)
Updated Date: 2020-02-19 20:15:12
(4 years ago)

Affected Products

Netty

Netty

Configuration #1

		CPE23	From	Up To
	Netty 3.9.1.1 and prior versions	cpe:2.3:a:netty:netty		<= 3.9.1.1
	Netty 3.6.0	cpe:2.3:a:netty:netty:3.6.0
	Netty 3.6.1	cpe:2.3:a:netty:netty:3.6.1
	Netty 3.6.2	cpe:2.3:a:netty:netty:3.6.2
	Netty 3.6.3	cpe:2.3:a:netty:netty:3.6.3
	Netty 3.6.4	cpe:2.3:a:netty:netty:3.6.4
	Netty 3.6.5	cpe:2.3:a:netty:netty:3.6.5
	Netty 3.6.6	cpe:2.3:a:netty:netty:3.6.6
	Netty 3.6.7	cpe:2.3:a:netty:netty:3.6.7
	Netty 3.6.8	cpe:2.3:a:netty:netty:3.6.8
	Netty 3.7.0	cpe:2.3:a:netty:netty:3.7.0
	Netty 3.8.0	cpe:2.3:a:netty:netty:3.8.0
	Netty 3.8.1	cpe:2.3:a:netty:netty:3.8.1
	Netty 3.9.0	cpe:2.3:a:netty:netty:3.9.0
	Netty 3.9.1	cpe:2.3:a:netty:netty:3.9.1