Description
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- high
- Weaknesses
- CWE-20NVD-CWE-noinfo
Metadata
- Primary Vendor
- NETTY
- Published
- 2/10/2025
- Last Modified
- 9/5/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
netty : nettynetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : oncommand_insight
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.