- Description
- Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, the handler does not correctly validate the packet in all cases, which can lead to a native crash. Version 4.1.118.Final contains a patch. As a workaround, it is possible to either disable the usage of the native SSLEngine or change the code manually.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-20
🚨 CVE-2025-24970 🔴 HIGH (7.5) 🏢 netty - netty 🏗️ >= https://t.co/qiK334GZ4u, <= https://t.co/qMeQRifmv0 🔗 https://t.co/FrS5KnxDtv 🔗 https://t.co/vYfgMQ3tIO #CyberCron #VulnAlert https://t.co/Bri6xUzeZS
@cybercronai
12 Feb 2025
CVE-2025-24970 Netty SslHandler Vulnerability Causing Native Crash in Versions https://t.co/3eobqHtx3A https://t.co/RuEwEsb5PK
@VulmonFeeds
11 Feb 2025
CVE-2025-24970 Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version https://t.co/aVUbaBerTZ and prior to version https://t.co/5mJZ6f4cSh. When a sp… https://t.co/ccfWdSOGkF
@CVEnew
10 Feb 2025
Eclipse Vert.x 4.5.13 has been released https://t.co/Jh2GEqhCkL it fixes a couple of bugs as well as CVE-2025-24970 (CVSS v3.1: 7.5) and CVE-2025-25193 (CVSS v3.1: 5.5)
@vertx_project
10 Feb 2025