Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34462

Published: 22/06/2023 Updated: 18/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Netty

Vulnerability Summary

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.

Vulnerable Product Search on Vulmon Subscribe to Product

netty netty

Vendor Advisories

Debian CVElist Bug Report Logs: netty: CVE-2023-34462
Debian Bug report logs - #1038947 netty: CVE-2023-34462 Package: src:netty; Maintainer for src:netty is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 23 Jun 2023 15:06:01 UTC Severity: important Tags: security Reply or subscri ...
Debian Security Advisories: DSA-5558-1 netty -- security update
Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework CVE-2023-34462 It might be possible for a remote peer to send a client hello packet during a TLS handshake which lead the server to buffer up to 16 MB of data per connection This could lead to a OutOfMemoryError and so result in a ...
Red Hat: Moderate: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update
Synopsis Moderate: Red Hat Integration Camel for Spring Boot 400 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat Integration Camel for Spring Boot 400 release and security update is now available Red Hat Product Security has rated this update as having an impact of Moderate A Common Vulnerability Scor ...
Red Hat: Moderate: Red Hat Data Grid 8.4.4 security update
Synopsis Moderate: Red Hat Data Grid 844 security update Type/Severity Security Advisory: Moderate Topic An update for Red Hat Data Grid 8 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Red Hat: Important: Red Hat Integration Camel K 1.10.5 release and security update
Synopsis Important: Red Hat Integration Camel K 1105 release and security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel K 1105 release and security update is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...
Red Hat: Moderate: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images
Synopsis Moderate: Red Hat build of Cryostat 240: new RHEL 8 container images Type/Severity Security Advisory: Moderate Topic New Red Hat build of Cryostat 240 on RHEL 8 container images are now available Description New Red Hat build of Cryostat 240 on RHEL 8 container images have been released, adding a variety of features and bug f ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: Red Hat build of Quarkus 2.13.9 release and security update
Synopsis Important: Red Hat build of Quarkus 2139 release and security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat build of QuarkusRed Hat Product Security has rated this update as having a security impact ofModerate A Common Vulnerability Scoring System (CVSS) base score, which gives ade ...
Red Hat: Important: Service Registry (container images) release and security update [2.5.4 GA]
Synopsis Important: Service Registry (container images) release and security update [254 GA] Type/Severity Security Advisory: Important Topic An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog The purpose of this text-only errata is to inform you about the security issues ...
Red Hat: Important: Red Hat AMQ Broker 7.11.3 release and security update
Synopsis Important: Red Hat AMQ Broker 7113 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Broker 7113 is now available from the Red Hat Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...
Red Hat: Moderate: AMQ Clients 2023.Q4
概述 Moderate: AMQ Clients 2023Q4 类型/严重性 Security Advisory: Moderate 标题 An update is now available for Red Hat AMQ ClientsRed Hat Product Security has rated this update as having an impact ofModerateA Common Vulnerability Scoring System (CVSS) base score, which gives a detailedseverity rating, is available for each vulnerabi ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...

References

CWE-400https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32https://security.netapp.com/advisory/ntap-20230803-0001/https://www.debian.org/security/2023/dsa-5558https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947https://www.debian.org/security/2023/dsa-5558https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook