Denial of Service Vulnerability in Netty by Requesting Malformed SSLv2Hello Messages
CVE-2014-3488

Currently unrated

Key Information:

Vendor

Netty

Status
Netty
Vendor
CVE Published:
31 July 2014

What is CVE-2014-3488?

The SslHandler component in Netty versions prior to 3.9.2 is susceptible to a denial of service attack. By sending a specially crafted SSLv2Hello message, attackers can induce an infinite loop, resulting in excessive CPU usage. This vulnerability allows remote actors to leverage this flaw for disruption, significantly affecting server availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://netty.io/news/2014/06/11/3-9-2-Final.html
x_refsource_CONFIRM
https://github.com/netty/netty/issues/2562
x_refsource_CONFIRM
http://secunia.com/advisories/59196
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.