{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-19T19:06:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://netty.io/news/2014/06/11/3-9-2-Final.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/netty/netty/issues/2562"}, {"name": "59196", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59196"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994"}, {"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://netty.io/news/2014/06/11/3-9-2-Final.html", "refsource": "CONFIRM", "url": "http://netty.io/news/2014/06/11/3-9-2-Final.html"}, {"name": "https://github.com/netty/netty/issues/2562", "refsource": "CONFIRM", "url": "https://github.com/netty/netty/issues/2562"}, {"name": "59196", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59196"}, {"name": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994", "refsource": "CONFIRM", "url": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994"}, {"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:06.356Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://netty.io/news/2014/06/11/3-9-2-Final.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/netty/netty/issues/2562"}, {"name": "59196", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59196"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994"}, {"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3488", "datePublished": "2014-07-31T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.356Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", "matchCriteriaId": "C25A1DCE-E327-4BB4-9689-FCFEC8D605EA", "versionEndIncluding": "3.9.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3EEBC0F-815E-4F66-B9B4-1256AAAB03A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "140919D1-2868-4F11-8421-5CA35A3FFCA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "28C7EA90-B934-438B-9705-5B53B0F3D09C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C1DCF99-CBB1-4FD2-B073-B91A2DD27290", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4EA1D52-61D5-4448-BA64-0D9A8FFFE173", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2CFB08C8-9021-4C26-B8B8-A2C07EB4BB83", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C3707350-D658-485E-A136-04AF3ED7AF4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "8D4831E7-1F30-4AEA-82D8-E703701DC8B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CE508BE-00C4-4304-BA92-063129C2B6E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3876968E-7B85-4149-BF6B-488D32A7B2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C365439-029C-4F5F-ADB2-0153DD4965B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "CAECE2B6-DD9F-4FEC-B15F-EA99BF716390", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9879F5B0-DF82-470F-A028-1B69BFB67FB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netty:netty:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "32DFF597-4F5A-44E1-BB82-F5DF7942F6AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message."}, {"lang": "es", "value": "SslHandler en Netty anterior a 3.9.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un mensaje SSLv2Hello manipulado."}], "id": "CVE-2014-3488", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-31T14:55:02.910", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://netty.io/news/2014/06/11/3-9-2-Final.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59196"}, {"source": "secalert@redhat.com", "url": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/netty/netty/issues/2562"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://netty.io/news/2014/06/11/3-9-2-Final.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/netty/netty/issues/2562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Laurentiu Luca for reporting this issue.", "bugzilla": {"description": "Netty: DoS by CPU exhaustion when using malicious SSL packets", "id": "1107983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107983"}, "csaw": false, "cvss": {"cvss_base_score": "7.8", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "status": "draft"}, "cwe": "CWE-835", "details": ["The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message."], "name": "CVE-2014-3488", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "others", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "thermostat1-netty", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "netty", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2014-06-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3488\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3488"], "statement": "Netty versions as shipped by Red Hat products are not affected by this flaw.", "threat_severity": "Important"}