Debian Security Update DSA-5558-1 netty - security update

LinuxBot

Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.
CVE-2023-34462
It might be possible for a remote peer to send a client hello packet during a TLS handshake which leads the server to buffer up to 16 MB of data per connection. This could lead to an OutOfMemoryError and so result in a denial of service.
CVE-2023-44487
The HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.
https://security-tracker.debian.org/tracker/DSA-5558-1
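
A defender-side sketch of the per-connection RST_STREAM rate check that the Rapid Reset description under CVE-2023-44487 points to, as an added example that is not part of the advisory or of Netty's code. The event tuples, the function names and the threshold of 200 resets per 30 seconds are assumptions chosen for the constructed sample.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed HTTP/2 frame events: (timestamp_s, connection_id, frame_type)."""
    events = [
        # Connection "A": ordinary client, three requests, one cancelled.
        (0.0, "A", "HEADERS"), (0.5, "A", "HEADERS"),
        (0.9, "A", "RST_STREAM"), (2.0, "A", "HEADERS"),
    ]
    # Connection "B": opens 300 streams and cancels each one immediately.
    for i in range(300):
        t = 1.0 + i * 0.01
        events.append((t, "B", "HEADERS"))
        events.append((t + 0.001, "B", "RST_STREAM"))
    return sorted(events)


def flag_rapid_reset(events, max_rst=200, window_s=30.0):
    """Return {connection_id: timestamp} for each connection at the moment it
    first exceeds max_rst RST_STREAM frames inside a sliding window_s window.

    max_rst and window_s are assumed values, not taken from the advisory.
    """
    recent = defaultdict(deque)   # per-connection timestamps of recent resets
    flagged = {}
    for ts, conn, frame_type in events:
        if frame_type != "RST_STREAM" or conn in flagged:
            continue
        window = recent[conn]
        window.append(ts)
        # Drop resets that have aged out of the sliding window.
        while window and ts - window[0] > window_s:
            window.popleft()
        if len(window) > max_rst:
            flagged[conn] = ts    # candidate for GOAWAY / connection close
    return flagged


if __name__ == "__main__":
    for conn, ts in flag_rapid_reset(build_sample()).items():
        print(f"connection {conn}: reset budget exceeded at t={ts:.3f}s")
```

Counting per connection rather than per client address keeps an ordinary client that cancels the occasional request (connection "A" in the sample) well below the threshold.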
