Your submission was sent successfully! Close

CVE-2014-3488

Published: 31 July 2014

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Notes

AuthorNote
seth-arnold
only 3.9.x branch affected
Priority

Medium

Status

Package Release Status
netty
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream
Released (3.9.2.Final)
utopic Not vulnerable

Patches:
upstream: https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994