It was discovered that when handling specifically crafted SSL packets, the SslHandler implementation in Netty entered an infinite loop. An unauthenticated remote attacker could use this flaw to trigger a denial of service by CPU exhaustion.
Affects: 3.9.0, 3.9.1
Statement: Netty versions as shipped by Red Hat products are not affected by this flaw.
Here is the issue and the fix: https://github.com/netty/netty/issues/2562
Netty 3.9.2.Final was released with the fix included. See http://netty.io/news/2014/06/11/3.html
Acknowledgement: Red Hat would like to thank Laurentiu Luca for reporting this issue.