{"id":"CVE-2016-4970","details":"handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).","aliases":["GHSA-rv63-gqm8-9w8q"],"modified":"2026-04-16T06:24:43.393854658Z","published":"2017-04-13T14:59:01.823Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-1097.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96540"},{"type":"ADVISORY","url":"http://netty.io/news/2016/06/07/4-1-1-Final.html"},{"type":"ADVISORY","url":"https://wiki.opendaylight.org/view/Security_Advisories"},{"type":"ADVISORY","url":"http://netty.io/news/2016/06/07/4-0-37-Final.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0179.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343616"},{"type":"FIX","url":"https://github.com/netty/netty/pull/5364"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/cassandra","events":[{"introduced":"0"},{"last_affected":"533193a7b82c98814567c735f13a0e33c58424b1"},{"introduced":"0"},{"last_affected":"fd47391aae13bcf4ee995abcde1b0e180372d193"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0"},{"introduced":"0"},{"last_affected":"3.11.4"}]}},{"type":"GIT","repo":"https://github.com/netty/netty","events":[{"introduced":"1709113a1f27be021e890d07c4d94576e2e7710c"},{"fixed":"4169779352fb91c69b41077033135a24f898ad1d"},{"introduced":"446b38db5220a3934064ee4e26f40d81dfa6b714"},{"fixed":"cf670fab75ad3c77d6b37883104b259894d4bd71"}],"database_specific":{"versions":[{"introduced":"4.0.20"},{"fixed":"4.0.37"},{"introduced":"4.1.0"},{"fixed":"4.1.1"}]}}],"versions":["cassandra-1.0.0","cassandra-1.1.0-beta1","cassandra-1.2.0-beta1","cassandra-1.2.0-beta2","cassandra-2.0.0-beta1","cassandra-2.0.0-beta2","cassandra-2.0.0-rc1","cassandra-2.1.0-beta1","cassandra-3.0.0-alpha1","cassandra-3.10","cassandra-3.11.0","cassandra-3.11.1","cassandra-3.11.2","cassandra-3.11.3","cassandra-3.11.4","cassandra-3.4","netty-4.0.20.Final","netty-4.0.21.Final","netty-4.0.22.Final","netty-4.0.23.Final","netty-4.0.24.Final","netty-4.0.25.Final","netty-4.0.26.Final","netty-4.0.27.Final","netty-4.0.28.Final","netty-4.0.29.Final","netty-4.0.30.Final","netty-4.0.31.Final","netty-4.0.32.Final","netty-4.0.33.Final","netty-4.0.34.Final","netty-4.0.35.Final","netty-4.0.36.Final","netty-4.1.0.Final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4970.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}