VulnerableCode Package Details - pkg:maven/io.netty/netty-handler@4.1.107.Final

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/io.netty/netty-handler@4.1.107.Final

purl	pkg:maven/io.netty/netty-handler@4.1.107.Final

Next non-vulnerable version	4.1.118.Final
Latest non-vulnerable version	4.1.118.Final
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-epex-9q5x-ykf3 Aliases: CVE-2025-24970 GHSA-4g8c-wm8x-jfhw	SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine ### Impact When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. ### Workarounds As workaround its possible to either disable the usage of the native SSLEngine or changing the code from: ``` SslContext context = ...; SslHandler handler = context.newHandler(....); ``` to: ``` SslContext context = ...; SSLEngine engine = context.newEngine(....); SslHandler handler = new SslHandler(engine, ....); ```	4.1.118.Final Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:20:19.322451+00:00	GitLab Importer	Affected by	VCID-epex-9q5x-ykf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-handler/CVE-2025-24970.yml	38.4.0
2026-04-12T00:39:14.244702+00:00	GitLab Importer	Affected by	VCID-epex-9q5x-ykf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-handler/CVE-2025-24970.yml	38.3.0
2026-04-03T00:47:14.528558+00:00	GitLab Importer	Affected by	VCID-epex-9q5x-ykf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-handler/CVE-2025-24970.yml	38.1.0