
CVE-2025-24970

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

### Impact

When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash.

### Workarounds

As a workaround, it is possible to either disable the usage of the native SSLEngine or change the code from:

```
SslContext context = ...;
SslHandler handler = context.newHandler(....);
```

to:

```
SslContext context = ...;
SSLEngine engine = context.newEngine(....);
SslHandler handler = new SslHandler(engine, ....);
```
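Both workarounds wired into a server channel initializer, as an added example that is not code from the advisory or the Netty project. The class name, the factory method names and the PEM file parameters are assumptions; pinning `SslProvider.JDK` is used here as the way to disable the native SSLEngine.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import java.io.File;

/** Hypothetical initializer (name is an assumption) applying the advisory's workarounds. */
public final class WorkaroundTlsInitializer extends ChannelInitializer<SocketChannel> {

    private final SslContext context;
    private final boolean wrapEngine;

    private WorkaroundTlsInitializer(SslContext context, boolean wrapEngine) {
        this.context = context;
        this.wrapEngine = wrapEngine;
    }

    /** Workaround 1: pin the JDK provider so the native SSLEngine is never selected. */
    public static WorkaroundTlsInitializer jdkOnly(File certChainPem, File keyPem) throws SSLException {
        SslContext ctx = SslContextBuilder.forServer(certChainPem, keyPem)
                .sslProvider(SslProvider.JDK) // overrides the default, which prefers OpenSSL when available
                .build();
        return new WorkaroundTlsInitializer(ctx, false);
    }

    /** Workaround 2: keep an existing context, but build the handler from an engine. */
    public static WorkaroundTlsInitializer engineWrapped(SslContext existing) {
        return new WorkaroundTlsInitializer(existing, true);
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        SslHandler tls;
        if (wrapEngine) {
            // Replaces context.newHandler(...): create the engine first, then wrap it.
            SSLEngine engine = context.newEngine(ch.alloc());
            tls = new SslHandler(engine);
        } else {
            // The context was built with SslProvider.JDK, so no native engine is involved.
            tls = context.newHandler(ch.alloc());
        }
        ch.pipeline().addFirst("tls", tls);
    }
}
```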

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

| Field | Value |
|---|---|
| Score | 7.5 |
| Score Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Affected Versions | io.netty:netty-handler >= 4.1.91.Final < 4.1.118.Final |
| Severity | High |
| Ecosystem | |
| Publish Date | February 10, 2025 |
| Modified Date | April 16, 2025 |