CVE-2014-3488

Description

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

How to fix CVE-2014-3488

To remediate CVE-2014-3488, upgrade the affected package to a fixed version below.

• Maven/io.netty:netty-handler—upgrade to 3.9.2 or later

Is CVE-2014-3488 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.9.2

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-3488
• PATCHgithub.com/netty/netty
• WEBnetty.io/news/2014/06/11/3-9-2-Final.html
• WEBsecunia.com/advisories/59196
• WEBgithub.com