CVE-2016-4970

Published: 13/04/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

handler/ssl/OpenSslEngine.java in Netty 4.0.x prior to 4.0.37.Final and 4.1.x prior to 4.1.1.Final allows remote malicious users to cause a denial of service (infinite loop).

Vulnerable Product

netty netty

redhat jboss data grid 7.1

redhat jboss middleware text-only advisories 1.0

apache cassandra 3.11.4

Vendor Advisories

Debian Bug report logs - #827620 netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl. Package: src:netty; Maintainer for src:netty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sa ...
Synopsis: Moderate: Red Hat JBoss Data Grid 7.1. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Data Grid 7.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: Red Hat Fuse 7.7.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.6 to 7.7) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Produc ...
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop) ...