CVE-2023-34462

Publication date 22 June 2023

Last updated 9 September 2024


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.

Status

Package Ubuntu Release Status
netty 24.10 oracular
Needs evaluation
24.04 LTS noble
Fixed 1:4.1.48-9
23.10 mantic Ignored end of life, was needed
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Fixed 1:4.1.48-4+deb11u2build0.22.04.1
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H