Back to bug 2216888
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-06-23 04:20:42 UTC | CC | aazores, adupliak, aileenc, alampare, alazarot, anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, clement.escoffier, cmoulliard, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, eaguilar, ebaron, emingora, eric.wittmann, fjuma, fmongiar, gjospin, gmalinko, gsmet, gzaronik, hamadhan, hbraun, ibek, ikanello, ivassile, iweiss, janstey, jcantril, jkang, jmartisk, jnethert, jpallich, jpavlik, jpechane, jpoth, jrokos, jscholz, kverlaen, lbacciot, lgao, lthon, max.andersen, michal.skrivanek, mizdebsk, mnovotny, mosmerov, mperina, msochure, mstefank, msvehla, nwallace, pantinor, pdelbell, pdrozd, peholase, periklis, pgallagh, pjindal, pmackay, probinso, pskopek, rguimara, rjohnson, rowaters, rruss, rstancel, rsvoboda, saroy, sbiarozk, sbonazzo, sdouglas, sfroberg, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, tqvarnst, yfang | |
| TEJ RATHI | 2023-06-23 04:21:55 UTC | Blocks | 2216889 | |
| TEJ RATHI | 2023-06-23 04:28:16 UTC | CC | caswilli, dffrench, fjansen, ggastald, kaycoth, ngough, rgodfrey | |
| TEJ RATHI | 2023-06-23 04:31:57 UTC | CC | caswilli, dffrench, fjansen, ggastald, kaycoth, ngough, rgodfrey | |
| TEJ RATHI | 2023-06-23 04:35:55 UTC | CC | caswilli, dffrench, fjansen, ggastald, kaycoth, ngough, rgodfrey | |
| TEJ RATHI | 2023-06-23 04:36:41 UTC | CC | caswilli, dffrench, fjansen, ggastald, kaycoth, ngough, rgodfrey | |
| TEJ RATHI | 2023-06-23 04:38:49 UTC | CC | dffrench, fjansen, kaycoth, ngough, rgodfrey | |
| TEJ RATHI | 2023-06-23 04:46:05 UTC | Depends On | 2216893 | |
| TEJ RATHI | 2023-06-23 05:00:25 UTC | Depends On | 2216898, 2216899, 2216897 | |
| TEJ RATHI | 2023-06-23 05:19:43 UTC | CC | jcantril, periklis | |
| Avinash Hanwate | 2023-06-23 11:52:52 UTC | CC | jcantril, periklis | |
| Red Hat Bugzilla | 2023-07-07 08:28:17 UTC | Assignee | security-response-team | nobody |
| Chess Hazlett | 2023-07-19 20:52:23 UTC | Fixed In Version | netty 4.1.94.Final | |
| Chess Hazlett | 2023-07-19 20:52:23 UTC | Doc Text | It was found that Netty's SniHandler, while navigating TLS handshake, would permit a large heap allocation if the handler did not have a timeout configured. An attacker could send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an Out Of Memory Error and resulting in Denial of Service. | |
| Chess Hazlett | 2023-07-19 21:24:47 UTC | Alias | TRIAGE-CVE-2023-34462 | CVE-2023-34462 |
| Chess Hazlett | 2023-07-19 21:24:47 UTC | Summary | TRIAGE-CVE-2023-34462 netty: io.netty:netty-handler: SniHandler 16MB allocation | CVE-2023-34462 netty: io.netty:netty-handler: SniHandler 16MB allocation |
| Chess Hazlett | 2023-07-19 21:28:03 UTC | Summary | CVE-2023-34462 netty: io.netty:netty-handler: SniHandler 16MB allocation | CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM |
| Paige Jung | 2023-07-19 21:50:11 UTC | Doc Text | It was found that Netty's SniHandler, while navigating TLS handshake, would permit a large heap allocation if the handler did not have a timeout configured. An attacker could send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an Out Of Memory Error and resulting in Denial of Service. | A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service. |
| Red Hat Bugzilla | 2023-07-21 22:26:26 UTC | CC | jpavlik | |