CVE-2016-4970
published 2017-04-13CVE-2016-4970: handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cassandra | — | — |
| debian | netty | < netty 1:4.0.37-1 (bookworm) | netty 1:4.0.37-1 (bookworm) |
| netty | netty | >= 0 < 1:4.0.37-1 | 1:4.0.37-1 |
| netty | netty | >= 0 < 1:4.0.37-1 | 1:4.0.37-1 |
| netty | netty | >= 0 < 1:4.0.37-1 | 1:4.0.37-1 |
| netty | netty | >= 0 < 1:4.0.37-1 | 1:4.0.37-1 |
| netty | netty | >= 4.0.20 < 4.0.37 | 4.0.37 |
| netty | netty | >= 4.1.0 < 4.1.1 | 4.1.1 |
| redhat | jboss_data_grid | — | — |
| redhat | jboss_middleware_text-only_advisories | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH