Denial of Service Vulnerability in Netty via Malformed SSLv2Hello Messages
CVE-2014-3488
Currently unrated
Summary
The SslHandler component in Netty versions prior to 3.9.2 is susceptible to a denial of service attack. By sending a specially crafted SSLv2Hello message, a remote attacker can induce an infinite loop, resulting in excessive CPU usage and significantly affecting server availability.