Vulnerability Lookup

🛡️ CVE-2023-34462

🟡 CVSS 6.5 — Medium ✅ No Known Exploit CWE-400 NVD

6.5

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.

Details

Severity Medium

CVSS Score 6.5

CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE CWE-400

Public Exploit ✅ No

Source NVD

Published 2023-06-20

Updated 2026-06-08

Modified 2026-02-04

Fix URL https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32

Affected Packages

Software	From version	Fixed in
io.netty:netty-handler	—	4.1.94.Final
netty	—	4.1.94

References

WEB https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-34462

WEB https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32

PACKAGE https://github.com/netty/netty

WEB https://security.netapp.com/advisory/ntap-20230803-0001

WEB https://security.netapp.com/advisory/ntap-20240621-0007

WEB https://www.debian.org/security/2023/dsa-5558

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Is your WordPress site affected?

Company

Resources

Services

Trusted

Subscribe