{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24970", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-01-29T15:18:03.210Z", "datePublished": "2025-02-10T21:57:28.730Z", "dateUpdated": "2025-04-16T15:37:17.191Z"}, "containers": {"cna": {"title": "SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"}, {"name": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", "tags": ["x_refsource_MISC"], "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"}], "affected": [{"vendor": "netty", "product": "netty", "versions": [{"version": ">= 4.1.91.Final, <= 4.1.117.Final", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-10T21:57:28.730Z"}, "descriptions": [{"lang": "en", "value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."}], "source": {"advisory": "GHSA-4g8c-wm8x-jfhw", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T15:30:54.865019Z", "id": "CVE-2025-24970", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:31:38.061Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-16T15:37:17.191Z"}, "references": [{"url": "https://security.netapp.com/advisory/ntap-20250221-0005/"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250221-0005/"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-16T15:37:17.191Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24970", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T15:30:54.865019Z"}}}], "references": [{"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:31:00.242Z"}}], "cna": {"title": "SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", "source": {"advisory": "GHSA-4g8c-wm8x-jfhw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "netty", "product": "netty", "versions": [{"status": "affected", "version": ">= 4.1.91.Final, <= 4.1.117.Final"}]}], "references": [{"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "name": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", "name": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-10T21:57:28.730Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24970", "state": "PUBLISHED", "dateUpdated": "2025-04-16T15:37:17.191Z", "dateReserved": "2025-01-29T15:18:03.210Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-02-10T21:57:28.730Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFD13BDE-F4C1-4B4C-9E46-C4482F977174", "versionEndExcluding": "4.1.118", "versionStartIncluding": "4.1.91", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually."}, {"lang": "es", "value": "Netty, un framework de aplicaci\u00f3n de red asincr\u00f3nico y controlado por eventos, tiene una vulnerabilidad a partir de la versi\u00f3n 4.1.91.Final y anteriores a la versi\u00f3n 4.1.118.Final. Cuando se recibe un paquete especialmente manipulado a trav\u00e9s de SslHandler, no se gestiona correctamente la validaci\u00f3n de dicho paquete en todos los casos, lo que puede provocar un bloqueo nativo. La versi\u00f3n 4.1.118.Final contiene un parche. Como workaround, es posible deshabilitar el uso de SSLEngine nativo o cambiar el c\u00f3digo manualmente. "}], "id": "CVE-2025-24970", "lastModified": "2025-09-05T17:20:12.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-02-10T22:15:38.057", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20250221-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"], "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8761", "cpe": "cpe:/a:redhat:apache_camel_hawtio:4.2::el6", "package": "io.netty/netty-handler", "product_name": "HawtIO HawtIO 4.2.0", "release_date": "2025-06-10T00:00:00Z"}, {"advisory": "RHSA-2025:3543", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.8.5", "package": "io.netty/netty-handler", "product_name": "Red Hat build of Apache Camel 4.8.5 for Spring Boot", "release_date": "2025-04-02T00:00:00Z"}, {"advisory": "RHSA-2025:2067", "cpe": "cpe:/a:redhat:camel_quarkus:3.15", "package": "io.netty/netty-handler", "product_name": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1885", "cpe": "cpe:/a:redhat:quarkus:3.15::el8", "package": "io.netty/netty-handler", "product_name": "Red Hat build of Quarkus 3.15.3.SP1", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:8258", "cpe": "cpe:/a:redhat:quarkus:3.20::el8", "package": "io.netty/netty-handler", "product_name": "Red Hat build of Quarkus 3.20.1", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:1884", "cpe": "cpe:/a:redhat:quarkus:3.8::el8", "package": "io.netty/netty-handler", "product_name": "Red Hat build of Quarkus 3.8.6.SP3", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:2663", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "package": "io.netty/netty-handler", "product_name": "Red Hat Data Grid", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:3467", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "netty-handler", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:4552", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4549", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4550", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3465", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4548", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:3358", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package": "netty-handler", "product_name": "Red Hat JBoss Enterprise Application Platform 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3357", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3540", "cpe": "cpe:/a:redhat:camel_k:1.10.10", "package": "io.netty/netty-handler", "product_name": "RHINT Camel-K 1.10.10", "release_date": "2025-04-02T00:00:00Z"}, {"advisory": "RHSA-2025:9922", "cpe": "cpe:/a:redhat:amq_streams:2.9::el9", "package": "io.netty/netty-handler", "product_name": "Streams for Apache Kafka 2.9.1", "release_date": "2025-06-30T00:00:00Z"}, {"advisory": "RHSA-2025:2588", "cpe": "cpe:/a:redhat:openshift_ai:2.18::el8", "package": "registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5", "product_name": "Red Hat OpenShift AI 2.18", "release_date": "2025-03-10T00:00:00Z"}], "bugzilla": {"description": "io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", "id": "2344787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.", "A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-24970", "package_state": [{"cpe": "cpe:/a:redhat:amq_clients:2023", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "AMQ Clients"}, {"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:cryostat:3", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "Cryostat 3"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Will not fix", "package_name": "io.netty/netty-handler", "product_name": "Red Hat build of Debezium 2"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Affected", "package_name": "io.netty/netty-handler", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "io.netty/netty-handler", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "netty-handler", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "io.netty/netty-handler", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Out of support scope", "package_name": "io.netty/netty-handler", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2025-02-10T21:57:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24970\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24970\nhttps://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\nhttps://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"], "statement": "This vulnerability in Netty's SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.", "threat_severity": "Important"}

{}