{"id":"CVE-2025-24970","summary":"SslHandler doesn't correctly validate packets which can lead to a native crash when using native SSLEngine","details":"Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash. Version 4.1.118.Final contains a patch. As a workaround it is possible to either disable the usage of the native SSLEngine or change the code manually.","aliases":["GHSA-4g8c-wm8x-jfhw"],"modified":"2026-04-12T14:04:27.448154Z","published":"2025-02-10T21:57:28.730Z","related":["CGA-j5xr-m8mh-cjc8","SUSE-SU-2025:0590-1","openSUSE-SU-2025:14765-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24970.json","cwe_ids":["CWE-20"]},"references":[{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24970.json"},{"type":"ADVISORY","url":"https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24970"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250221-0005/"},{"type":"FIX","url":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netty/netty","events":[{"introduced":"d773f37e3422b8bc38429bbde94583173c3b7e4a"},{"fixed":"87f40725155b2f89adfde68c7732f97c153676c4"}]}],"versions":["netty-4.1.100.Final","netty-4.1.101.Final","netty-4.1.102.Final","netty-4.1.103.Final","n
etty-4.1.104.Final","netty-4.1.105.Final","netty-4.1.106.Final","netty-4.1.107.Final","netty-4.1.108.Final","netty-4.1.109.Final","netty-4.1.110.Final","netty-4.1.111.Final","netty-4.1.112.Final","netty-4.1.113.Final","netty-4.1.114.Final","netty-4.1.115.Final","netty-4.1.116.Final","netty-4.1.117.Final","netty-4.1.91.Final","netty-4.1.92.Final","netty-4.1.93.Final","netty-4.1.94.Final","netty-4.1.95.Final","netty-4.1.96.Final","netty-4.1.97.Final","netty-4.1.98.Final","netty-4.1.99.Final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24970.json","vanir_signatures_modified":"2026-04-12T14:04:27Z","vanir_signatures":[{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java","function":"unwrap"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"327196958911654775033233893523275684115","length":4637},"id":"CVE-2025-24970-228f3d02"},{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/SslUtils.java","function":"getEncryptedPacketLength"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"35961428334426579318057934398862523417","length":463},"id":"CVE-2025-24970-294fa090"},{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/SslUtils.java"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["162836223154286822519253496353188499284","238501185824778325453627345215531888854","62672348546284849855254185327923350112","320518755436094748230072835696608214929","179003121674600762513072458184699691939","196731808465069326826250163880871164895","2937
68139970147265684483568064234533299","130965908581338178125306314952929953915","248338465975884435555699957515182847075","333028399328314467888469829473538463843","87107149554378743346270687220902522077","241010605719727007919221410589938074155","223201046909084534404342400163692306576","258978568152302968701904977486953637627","232590064636015548535185188991395605460","316275991008523866985873855084387913988","286971859537041867608312487328523026957","69640216362252378065488793001829424164","81778266504181631504650719252689267253","150017662555551297681444884776194248364","320932067500803612378441545534588179594","90948703836096124585039959699072361771","66307236719238303910096912021913734331","105022341408594805260448965249385112939","298975607911669047145762000111150490084","291278352054221005315856813849142535206","164018156464638368950442439347617538011","198612421374880620182625133854328550531","332053462910457597059881847874570019327","241010605719727007919221410589938074155","223201046909084534404342400163692306576"]},"id":"CVE-2025-24970-2a3f3972"},{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["61847757038835109877109668388264418431","56798105024475689476437797826150727290","244903697137627885139415911912138090441"]},"id":"CVE-2025-24970-cd0e8eda"},{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/SslUtils.java","function":"getEncryptedPacketLength"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"194913597819912680929490010766117765141","length":1339},"id":"CVE-2025-24970-eb7c333f"},{"target":{"file":"handler/src/main/java/io/netty/handler/ssl/SslUtils.java",
"function":"getEncryptedPacketLength"},"source":"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4","deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"261304627989985208892904449465046704902","length":1064},"id":"CVE-2025-24970-f95553ac"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}
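Added example, not part of the OSV record above and not code from the Netty project: a Python classpath check that applies this record's affected range (4.1.91.Final <= version < 4.1.118.Final) to Maven-style jar names and to a jar's manifest, and reports whether the precondition the record names, the native SSLEngine, is also present. It assumes that `netty-handler` and `netty-all` are the artifacts shipping the `io.netty.handler.ssl` classes named in the record's signatures, that a `netty-tcnative-*` jar is what provides the native SSLEngine, and the sample classpath and sample jar are constructed for the example.

```python
"""Classpath check for CVE-2025-24970 (Netty SslHandler native crash, CWE-20).

Applies the affected range from the OSV record: 4.1.91.Final <= version < 4.1.118.Final.
The record's crash requires the native SSLEngine, so the check also reports whether a
netty-tcnative jar (assumed here to be the native provider) is on the classpath.
"""
import io
import re
import zipfile
from typing import Dict, List, Optional, Tuple

INTRODUCED = (4, 1, 91)   # first affected release per the record
FIXED = (4, 1, 118)       # release containing the patch per the record

# Assumption: these artifacts ship io.netty.handler.ssl (SslHandler, SslUtils,
# ReferenceCountedOpenSslEngine), the files named in the record's signatures.
VULNERABLE_ARTIFACTS = {"netty-handler", "netty-all"}
# Assumption: the native SSLEngine is backed by a netty-tcnative-* artifact.
NATIVE_ENGINE_PREFIX = "netty-tcnative"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-].*)?$")
# artifact-version[-classifier].jar, e.g. netty-handler-4.1.100.Final.jar
_JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d+\.\d+\.\d+(?:[.\w-]*)?)\.jar$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch); qualifiers such as .Final or -SNAPSHOT are ignored."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version: str) -> bool:
    """True when the version falls inside this record's affected range."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return INTRODUCED <= v < FIXED


def classify_jar(jar_name: str) -> Optional[Dict[str, object]]:
    """Split a Maven-style jar file name and decide if it is an affected Netty build."""
    m = _JAR_RE.match(jar_name)
    if not m:
        return None
    artifact, version = m.group("artifact"), m.group("version")
    affected = artifact in VULNERABLE_ARTIFACTS and is_affected(version)
    return {"artifact": artifact, "version": version, "affected": affected}


def version_from_manifest(jar_bytes: bytes) -> Optional[str]:
    """Read the version from META-INF/MANIFEST.MF for jars whose file name was changed."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        if "META-INF/MANIFEST.MF" not in zf.namelist():
            return None
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    for key in ("Bundle-Version", "Implementation-Version"):
        m = re.search(rf"^{key}:\s*(\S+)", manifest, re.MULTILINE)
        if m:
            return m.group(1)
    return None


def assess_classpath(jar_names: List[str]) -> Dict[str, object]:
    """Summarise exposure: affected Netty jars, and whether the native-engine precondition holds."""
    affected_jars, native_present = [], False
    for name in jar_names:
        info = classify_jar(name)
        if info is None:
            continue
        if str(info["artifact"]).startswith(NATIVE_ENGINE_PREFIX):
            native_present = True
        if info["affected"]:
            affected_jars.append(name)
    return {
        "affected_jars": affected_jars,
        "native_engine_present": native_present,
        # The record's crash needs both: an affected build and the native SSLEngine.
        "crash_reachable": bool(affected_jars) and native_present,
    }


def build_sample_jar(version: str) -> bytes:
    """Constructed sample: a minimal jar whose manifest carries the given Bundle-Version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nBundle-Version: {version}\r\n")
    return buf.getvalue()


# Constructed sample classpath (not taken from any real deployment).
SAMPLE_CLASSPATH = [
    "netty-common-4.1.100.Final.jar",
    "netty-handler-4.1.100.Final.jar",
    "netty-tcnative-boringssl-static-2.0.65.Final-linux-x86_64.jar",
    "guava-33.0.0-jre.jar",
]

if __name__ == "__main__":
    report = assess_classpath(SAMPLE_CLASSPATH)
    for jar in report["affected_jars"]:
        print(f"AFFECTED  {jar}")
    print("native SSLEngine present:", report["native_engine_present"])
    print("crash reachable (affected build + native engine):", report["crash_reachable"])
    print("manifest version of renamed jar:", version_from_manifest(build_sample_jar("4.1.117.Final")))
```

Run it against the jar names in a deployment's lib directory (or feed `version_from_manifest` the bytes of a renamed jar). An affected build without a `netty-tcnative` jar is reported as not reachable, which matches the record's workaround of disabling the native SSLEngine, but it is still an unpatched build and should be upgraded to 4.1.118.Final. Shaded or relocated jars are not detected by name, and the check implements only the range this record lists.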