CVE-2025-24970
CVE-2025-24970
Título es
CVE-2025-24970
Lun, 10/02/2025 – 22:15
Tipo
CWE-20
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-24970
Descripción en
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
10/02/2025
10/02/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
7.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
