{ "threat_severity" : "Moderate", "public_date" : "2023-06-23T00:00:00Z", "bugzilla" : { "description" : "netty: SniHandler 16MB allocation leads to OOM", "id" : "2216888", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.", "A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service." ], "affected_release" : [ { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-2" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-operator-bundle:2.4.0-2" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-2" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8:2.4.0-2" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-3" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-12-06T00:00:00Z", "advisory" : "RHSA-2023:7669", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-2" }, { "product_name" : "Red Hat AMQ Broker 7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5946", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "netty" }, { "product_name" : "Red Hat AMQ Clients", "release_date" : "2023-12-07T00:00:00Z", "advisory" : "RHSA-2023:7697", "cpe" : "cpe:/a:redhat:amq_clients:2023_q4", "package" : "netty" }, { "product_name" : "Red Hat AMQ Streams 2.5.0", "release_date" : "2023-09-14T00:00:00Z", "advisory" : "RHSA-2023:5165", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "Red Hat build of Quarkus 2.13.9.Final", "release_date" : "2023-12-07T00:00:00Z", "advisory" : "RHSA-2023:7700", "cpe" : "cpe:/a:redhat:quarkus:2.13::el8", "package" : "io.netty/netty-handler:4.1.100.Final-redhat-00001" }, { "product_name" : "Red Hat Data Grid 8.4.4", "release_date" : "2023-09-28T00:00:00Z", "advisory" : "RHSA-2023:5396", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2023-10-05T00:00:00Z", "advisory" : "RHSA-2023:5488", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-10-06T00:00:00Z", "advisory" : "RHSA-2023:5485", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-10-06T00:00:00Z", "advisory" : "RHSA-2023:5485", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-10-06T00:00:00Z", "advisory" : "RHSA-2023:5486", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-10-06T00:00:00Z", "advisory" : "RHSA-2023:5486", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-10-05T00:00:00Z", "advisory" : "RHSA-2023:5484", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-10-05T00:00:00Z", "advisory" : "RHSA-2023:5484", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "RHINT Camel-K 1.10.5", "release_date" : "2024-01-10T00:00:00Z", "advisory" : "RHSA-2024:0148", "cpe" : "cpe:/a:redhat:camel_k:1.10.5", "package" : "netty" }, { "product_name" : "RHINT Camel-Springboot 4.0.0", "release_date" : "2023-10-04T00:00:00Z", "advisory" : "RHSA-2023:5441", "cpe" : "cpe:/a:redhat:camel_spring_boot:4.0.0", "package" : "netty" }, { "product_name" : "RHINT Service Registry 2.5.4 GA", "release_date" : "2023-12-05T00:00:00Z", "advisory" : "RHSA-2023:7653", "cpe" : "cpe:/a:redhat:service_registry:2.5", "package" : "netty" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Applications 6", "fix_state" : "Affected", "package_name" : "org.jboss.windup-windup-parent", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6" }, { "product_name" : "Migration Toolkit for Runtimes", "fix_state" : "Affected", "package_name" : "org.jboss.windup-windup-parent", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1" }, { "product_name" : "Red Hat A-MQ Online", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:amq_online:1" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 3", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:camel_spring_boot:3" }, { "product_name" : "Red Hat build of Debezium 1", "fix_state" : "Not affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Not affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "log4j:2/log4j", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "log4j", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel Quarkus 2", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:camel_quarkus:2" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Will not fix", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Will not fix", "package_name" : "netty", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat support for Spring Boot", "fix_state" : "Not affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "apache-sshd", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-34462\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34462" ], "name" : "CVE-2023-34462", "mitigation" : { "value" : "Configuration of SniHandler with an idle timeout will mitigate this issue.", "lang" : "en:us" }, "csaw" : false }