Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1107983 - (CVE-2014-3488) CVE-2014-3488 Netty: DoS by CPU exhaustion when using malicious SSL packets
CVE-2014-3488 Netty: DoS by CPU exhaustion when using malicious SSL packets
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20140611,repo...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-11 04:41 EDT by Arun Babu Neelicattu
Modified: 2015-02-15 16:54 EST (History)
4 users (show)

See Also:
Fixed In Version: Netty 3.9.2.Final
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 04:53:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Arun Babu Neelicattu 2014-06-11 04:41:35 EDT 
It was discovered that when handling specifically crafted SSL packets, the SslHandler implementation in Netty entered an infinite loop. An unauthenticated remote attacker could use this flaw to trigger a denial of service by CPU exhaustion.

Affects: 3.9.0, 3.9.1
Comment 1 Arun Babu Neelicattu 2014-06-11 04:46:29 EDT 
Statement:

Netty versions as shipped by Red Hat products are not affected by this flaw.
Comment 4 Norman Maurer 2014-06-11 05:41:11 EDT 
Here is the issue and the fix:
https://github.com/netty/netty/issues/2562
Comment 5 Norman Maurer 2014-06-11 06:14:50 EDT 
Netty 3.9.2.Final was released with the fix included.

See http://netty.io/news/2014/06/11/3.html
Comment 6 Arun Babu Neelicattu 2014-06-13 04:40:40 EDT 
Acknowledgement:

Red Hat would like to thank Laurentiu Luca for reporting this issue.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.