Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.netty/netty-handler@4.1.93.Final
Type maven
Namespace io.netty
Name netty-handler
Version 4.1.93.Final
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.118.Final
Latest_non_vulnerable_version 4.1.118.Final
Affected_by_vulnerabilities
0
url VCID-8b9g-6r2j-tqhw
vulnerability_id VCID-8b9g-6r2j-tqhw
summary
Allocation of Resources Without Limits or Throttling
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
reference_id
reference_type
scores
0
value 0.00998
scoring_system epss
scoring_elements 0.76997
published_at 2026-04-21T12:55:00Z
1
value 0.00998
scoring_system epss
scoring_elements 0.76902
published_at 2026-04-02T12:55:00Z
2
value 0.00998
scoring_system epss
scoring_elements 0.76933
published_at 2026-04-04T12:55:00Z
3
value 0.00998
scoring_system epss
scoring_elements 0.76915
published_at 2026-04-07T12:55:00Z
4
value 0.00998
scoring_system epss
scoring_elements 0.76948
published_at 2026-04-08T12:55:00Z
5
value 0.00998
scoring_system epss
scoring_elements 0.76959
published_at 2026-04-09T12:55:00Z
6
value 0.00998
scoring_system epss
scoring_elements 0.76986
published_at 2026-04-11T12:55:00Z
7
value 0.00998
scoring_system epss
scoring_elements 0.76966
published_at 2026-04-12T12:55:00Z
8
value 0.00998
scoring_system epss
scoring_elements 0.76961
published_at 2026-04-13T12:55:00Z
9
value 0.00998
scoring_system epss
scoring_elements 0.77002
published_at 2026-04-16T12:55:00Z
10
value 0.00998
scoring_system epss
scoring_elements 0.77005
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
5
reference_url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
6
reference_url https://security.netapp.com/advisory/ntap-20230803-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230803-0001
7
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
8
reference_url https://www.debian.org/security/2023/dsa-5558
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://www.debian.org/security/2023/dsa-5558
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
reference_id 1038947
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
reference_id 2216888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
reference_id CVE-2023-34462
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
12
reference_url https://github.com/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mjq-h674-j845
13
reference_url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
14
reference_url https://security.netapp.com/advisory/ntap-20230803-0001/
reference_id ntap-20230803-0001
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20230803-0001/
15
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
16
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
17
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
18
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
19
reference_url https://access.redhat.com/errata/RHSA-2023:7669
reference_id RHSA-2023:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7669
20
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
21
reference_url https://access.redhat.com/errata/RHSA-2024:0148
reference_id RHSA-2024:0148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0148
22
reference_url https://usn.ubuntu.com/6994-1/
reference_id USN-6994-1
reference_type
scores
url https://usn.ubuntu.com/6994-1/
fixed_packages
0
url pkg:maven/io.netty/netty-handler@4.1.94.Final
purl pkg:maven/io.netty/netty-handler@4.1.94.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epex-9q5x-ykf3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-handler@4.1.94.Final
aliases CVE-2023-34462, GHSA-6mjq-h674-j845
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b9g-6r2j-tqhw
1
url VCID-epex-9q5x-ykf3
vulnerability_id VCID-epex-9q5x-ykf3
summary
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
### Impact
When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash.

### Workarounds
As a workaround, it's possible to either disable the usage of the native SSLEngine or change the code from:

```
SslContext context = ...;
SslHandler handler = context.newHandler(....);
```

to:

```
SslContext context = ...;
SSLEngine engine = context.newEngine(....);
SslHandler handler = new SslHandler(engine, ....);
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24970.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24970
reference_id
reference_type
scores
0
value 0.00953
scoring_system epss
scoring_elements 0.76436
published_at 2026-04-21T12:55:00Z
1
value 0.00953
scoring_system epss
scoring_elements 0.76451
published_at 2026-04-18T12:55:00Z
2
value 0.00953
scoring_system epss
scoring_elements 0.76445
published_at 2026-04-16T12:55:00Z
3
value 0.00953
scoring_system epss
scoring_elements 0.76406
published_at 2026-04-13T12:55:00Z
4
value 0.00953
scoring_system epss
scoring_elements 0.76411
published_at 2026-04-12T12:55:00Z
5
value 0.00953
scoring_system epss
scoring_elements 0.76433
published_at 2026-04-11T12:55:00Z
6
value 0.00953
scoring_system epss
scoring_elements 0.76407
published_at 2026-04-09T12:55:00Z
7
value 0.00953
scoring_system epss
scoring_elements 0.76394
published_at 2026-04-08T12:55:00Z
8
value 0.0098
scoring_system epss
scoring_elements 0.76719
published_at 2026-04-07T12:55:00Z
9
value 0.0098
scoring_system epss
scoring_elements 0.76737
published_at 2026-04-04T12:55:00Z
10
value 0.0098
scoring_system epss
scoring_elements 0.76709
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24970
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
4
reference_url https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:30:54Z/
url https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4
5
reference_url https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:30:54Z/
url https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24970
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24970
7
reference_url https://security.netapp.com/advisory/ntap-20250221-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250221-0005
8
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection
9
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2344787
reference_id 2344787
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2344787
11
reference_url https://github.com/advisories/GHSA-4g8c-wm8x-jfhw
reference_id GHSA-4g8c-wm8x-jfhw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g8c-wm8x-jfhw
12
reference_url https://access.redhat.com/errata/RHSA-2025:2588
reference_id RHSA-2025:2588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2588
13
reference_url https://access.redhat.com/errata/RHSA-2025:3540
reference_id RHSA-2025:3540
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3540
14
reference_url https://access.redhat.com/errata/RHSA-2025:8258
reference_id RHSA-2025:8258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8258
fixed_packages
0
url pkg:maven/io.netty/netty-handler@4.1.118.Final
purl pkg:maven/io.netty/netty-handler@4.1.118.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-handler@4.1.118.Final
aliases CVE-2025-24970, GHSA-4g8c-wm8x-jfhw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epex-9q5x-ykf3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-handler@4.1.93.Final