Search for packages
| purl | pkg:maven/io.netty/netty-handler@4.1.118.Final |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-56qx-e3h3-2kbr | SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine ### Impact When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. ### Workarounds As workaround its possible to either disable the usage of the native SSLEngine or changing the code from: ``` SslContext context = ...; SslHandler handler = context.newHandler(....); ``` to: ``` SslContext context = ...; SSLEngine engine = context.newEngine(....); SslHandler handler = new SslHandler(engine, ....); ``` |
CVE-2025-24970
GHSA-4g8c-wm8x-jfhw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-06T17:39:01.001473+00:00 | GHSA Importer | Fixing | VCID-56qx-e3h3-2kbr | https://github.com/advisories/GHSA-4g8c-wm8x-jfhw | 37.0.0 |
| 2025-07-03T19:20:35.461333+00:00 | GitLab Importer | Fixing | VCID-56qx-e3h3-2kbr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-handler/CVE-2025-24970.yml | 37.0.0 |
| 2025-07-03T13:57:40.689082+00:00 | GitLab Importer | Fixing | VCID-56qx-e3h3-2kbr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-handler/CVE-2025-24970.yml | 36.1.3 |
| 2025-07-01T12:12:30.628913+00:00 | GithubOSV Importer | Fixing | VCID-56qx-e3h3-2kbr | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-4g8c-wm8x-jfhw/GHSA-4g8c-wm8x-jfhw.json | 36.1.3 |