CVE-2016-4970
Denial of Service vulnerability in netty-handler (Maven)
What is CVE-2016-4970 About?
This is a Denial of Service vulnerability in Netty's OpenSslEngine, which can occur due to an infinite loop in the SSL handler. Successful exploitation could render the service unavailable, and it can be triggered remotely with moderate complexity.
Affected Software
- io.netty:netty-handler
- >4.1.0.Beta1, <4.1.1.Final
- >4.0.0.Alpha1, <4.0.37.Final
Technical Details
The vulnerability resides in the handler/ssl/OpenSslEngine.java component of Netty versions 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final. A remote attacker can craft specific input that, when processed by the OpenSslEngine, causes the application to enter an infinite loop. This resource exhaustion leads to a denial of service, preventing legitimate users from accessing the affected service. The specific mechanism involves malformed SSL handshake messages or data processing logic within the OpenSslEngine that fails to properly terminate a loop condition under certain input scenarios.
What is the Impact of CVE-2016-4970?
Successful exploitation may allow attackers to cause a denial of service, making the affected service unavailable to legitimate users and potentially requiring manual intervention to restore functionality.
What is the Exploitability of CVE-2016-4970?
Exploitation of this vulnerability appears to require remote network access to the affected service. The complexity might be moderate, as it involves crafting specific input that triggers an infinite loop within the SSL handler. There are no explicit authentication or privilege requirements mentioned, suggesting it could be unauthenticated. Attackers would need to understand the SSL/TLS protocol and how Netty processes it to create the specific malformed data that results in the infinite loop. The system's continuous operation is a risk factor, as any remote interaction via SSL/TLS could theoretically trigger the flaw.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2016-4970?
Available Upgrade Options
- io.netty:netty-handler
- >4.0.0.Alpha1, <4.0.37.Final → Upgrade to 4.0.37.Final
- io.netty:netty-handler
- >4.1.0.Beta1, <4.1.1.Final → Upgrade to 4.1.1.Final
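The affected ranges above, applied as a version check over `mvn dependency:list` output. This is an added example, not code from Netty or from this advisory; the qualifier ordering (Alpha < Beta < CR < Final), the helper names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed ordering of Netty release qualifiers (4.1.0.Beta8 < 4.1.0.CR7 < 4.1.0.Final).
QUALIFIER_RANK = {"Alpha": 0, "Beta": 1, "CR": 2, "Final": 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(Alpha|Beta|CR|Final)(\d*)$")
DEP_RE = re.compile(r"io\.netty:netty-handler:jar:([^:\s]+)")

# (lower bound, fix version) as listed on this page; both bounds are exclusive.
AFFECTED = [("4.0.0.Alpha1", "4.0.37.Final"), ("4.1.0.Beta1", "4.1.1.Final")]

def version_key(version):
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Netty version: {version!r}")
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch), QUALIFIER_RANK[qual], int(qnum or 0))

def fixed_version_for(version):
    """Return the upgrade target if the version is in an affected range, else None."""
    key = version_key(version)
    for low, fix in AFFECTED:
        if version_key(low) < key < version_key(fix):
            return fix
    return None

def scan_dependency_list(text):
    """Return (version, verdict) for every netty-handler entry in the text."""
    findings = []
    for version in DEP_RE.findall(text):
        try:
            fix = fixed_version_for(version)
        except ValueError:
            # Vendor rebuilds and other suffixes need a human decision, not a guess.
            findings.append((version, "unparsed: review manually"))
            continue
        findings.append((version, f"affected: upgrade to {fix}" if fix else "not affected"))
    return findings

# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE = """\
[INFO]    io.netty:netty-handler:jar:4.0.36.Final:compile
[INFO]    io.netty:netty-handler:jar:4.1.1.Final:compile
[INFO]    io.netty:netty-handler:jar:4.1.0.CR7:runtime
[INFO]    io.netty:netty-buffer:jar:4.0.36.Final:compile
"""

if __name__ == "__main__":
    for version, verdict in scan_dependency_list(SAMPLE):
        print(f"netty-handler {version}: {verdict}")
```

Versions that do not match the plain Netty pattern are reported for manual review instead of being classified.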
Additional Resources
- https://github.com/netty/netty
- https://bugzilla.redhat.com/show_bug.cgi?id=1343616
- http://netty.io/news/2016/06/07/4-1-1-Final.html
- http://rhn.redhat.com/errata/RHSA-2017-0179.html
- http://netty.io/news/2016/06/07/4-0-37-Final.html
- https://github.com/netty/netty/pull/5364
- http://rhn.redhat.com/errata/RHSA-2017-1097.html
- https://wiki.opendaylight.org/view/Security_Advisories
- https://nvd.nist.gov/vuln/detail/CVE-2016-4970
What are Similar Vulnerabilities to CVE-2016-4970?
Similar Vulnerabilities: CVE-2019-10086, CVE-2017-7529, CVE-2014-0107, CVE-2018-8012, CVE-2015-5262
