CVSS: 5.0EPSS: 1%CPEs: 15EXPL: 1CVE-2014-3488
https://notcve.org/view.php?id=CVE-2014-3488
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message. SslHandler en Netty anterior a 3.9.2 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un mensaje SSLv2Hello manipulado. • http://netty.io/news/2014/06/11/3-9-2-Final.html http://secunia.com/advisories/59196 https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994 https://github.com/netty/netty/issues/2562 https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 32EXPL: 0CVE-2014-0193 – netty: DoS via memory exhaustion during data aggregation
https://notcve.org/view.php?id=CVE-2014-0193
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. WebSocket08FrameDecoder en Netty 3.6.x anterior a 3.6.9, 3.7.x anterior a 3.7.1, 3.8.x anterior a 3.8.2, 3.9.x anterior a 3.9.1 y 4.0.x anterior a 4.0.19 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un TextWebSocketFrame seguido por una cadena larga de ContinuationWebSocketFrames. A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service. • http://netty.io/news/2014/04/30/release-day.html http://rhn.redhat.com/errata/RHSA-2014-1019.html http://rhn.redhat.com/errata/RHSA-2014-1020.html http://rhn.redhat.com/errata/RHSA-2014-1021.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://secunia.com/advisories/58280 http://secunia.com/advisor • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •