CVE-2016-4970

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-4970
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4970.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4970
Aliases
Downstream
Published
2017-04-13T14:59:01.823Z
Modified
2026-04-16T06:24:43.393854658Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

References

Affected packages

Git / github.com/apache/cassandra

Affected ranges

Type
GIT
Repo
https://github.com/apache/cassandra
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
533193a7b82c98814567c735f13a0e33c58424b1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fd47391aae13bcf4ee995abcde1b0e180372d193
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.11.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/netty/netty
Events
Introduced
1709113a1f27be021e890d07c4d94576e2e7710c
Fixed
4169779352fb91c69b41077033135a24f898ad1d
Introduced
446b38db5220a3934064ee4e26f40d81dfa6b714
Fixed
cf670fab75ad3c77d6b37883104b259894d4bd71
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.20"
        },
        {
            "fixed": "4.0.37"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.1"
        }
    ]
}

Affected versions

cassandra-1.*
cassandra-1.0.0
cassandra-1.1.0-beta1
cassandra-1.2.0-beta1
cassandra-1.2.0-beta2
cassandra-2.*
cassandra-2.0.0-beta1
cassandra-2.0.0-beta2
cassandra-2.0.0-rc1
cassandra-2.1.0-beta1
cassandra-3.*
cassandra-3.0.0-alpha1
cassandra-3.10
cassandra-3.11.0
cassandra-3.11.1
cassandra-3.11.2
cassandra-3.11.3
cassandra-3.11.4
cassandra-3.4
netty-4.*
netty-4.0.20.Final
netty-4.0.21.Final
netty-4.0.22.Final
netty-4.0.23.Final
netty-4.0.24.Final
netty-4.0.25.Final
netty-4.0.26.Final
netty-4.0.27.Final
netty-4.0.28.Final
netty-4.0.29.Final
netty-4.0.30.Final
netty-4.0.31.Final
netty-4.0.32.Final
netty-4.0.33.Final
netty-4.0.34.Final
netty-4.0.35.Final
netty-4.0.36.Final
netty-4.1.0.Final

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4970.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.1"
            }
        ]
    }
]