CVE-2025-24970

Medienbericht

Exploit

EPSS 0.95%
Veröffentlicht 10.02.2025 22:15:38
Zuletzt bearbeitet 05.09.2025 17:20:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netty ≫ Netty Version >= 4.1.91 < 4.1.118

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Insight Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.95%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.heise.de/news/Atlassian-stopft-hochriskante-Lecks-in-Confluence-Jira-Co-10355832.html

Media Report

https://www.heise.de/news/Sicherheitsluecken-IBM-Guardium-Data-Protection-als-Einfallstor-fuer-Angreifer-10417869.html

Media Report

https://www.heise.de/news/Sicherheitsupdates-IBM-Db2-ueber-verschiedene-Wege-angreifbar-10506632.html

Media Report

https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4

Patch

https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250221-0005/

Third Party Advisory