CVE-2025-24970
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-24970
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24970.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-24970
- Aliases
- Downstream
- Related
- Published
- 2025-02-10T22:15:38Z
- Modified
- 2025-10-10T05:01:18.260799Z
- Summary
- [none]
- Details
-
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
- References
-
- https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw
- https://security.netapp.com/advisory/ntap-20250221-0005/
- https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection
- https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation
- https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4
Affected packages
Git / github.com/netty/netty
Affected ranges
- Type
- GIT
- Repo
- https://github.com/netty/netty
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
netty-4.*
netty-4.0.0.Alpha1
netty-4.0.0.Alpha2
netty-4.0.0.Alpha3
netty-4.0.0.Alpha4
netty-4.0.0.Alpha5
netty-4.0.0.Alpha6
netty-4.0.0.Alpha7
netty-4.0.0.Alpha8
netty-4.0.0.Beta1
netty-4.0.0.Beta2
netty-4.0.0.Beta3
netty-4.0.0.CR1
netty-4.0.0.CR2
netty-4.0.0.CR3
netty-4.0.0.CR4
netty-4.0.0.CR5
netty-4.0.0.CR7
netty-4.0.0.CR8
netty-4.0.0.CR9
netty-4.0.0.Final
netty-4.0.1.Final
netty-4.0.10.Final
netty-4.0.11.Final
netty-4.0.12.Final
netty-4.0.13.Final
netty-4.0.14.Beta1
netty-4.0.14.Final
netty-4.0.15.Final
netty-4.0.2.Final
netty-4.0.3.Final
netty-4.0.4.Final
netty-4.0.5.Final
netty-4.0.6.Final
netty-4.0.7.Final
netty-4.0.8.Final
netty-4.1.0.Beta1
netty-4.1.0.Beta2
netty-4.1.0.Beta3
netty-4.1.0.Beta4
netty-4.1.0.Beta5
netty-4.1.0.Beta6
netty-4.1.0.Beta7
netty-4.1.0.Beta8
netty-4.1.0.CR1
netty-4.1.0.CR2
netty-4.1.0.CR3
netty-4.1.0.CR4
netty-4.1.0.CR5
netty-4.1.0.CR6
netty-4.1.0.CR7
netty-4.1.0.Final
netty-4.1.1.Final
netty-4.1.10.Final
netty-4.1.100.Final
netty-4.1.101.Final
netty-4.1.102.Final
netty-4.1.103.Final
netty-4.1.104.Final
netty-4.1.105.Final
netty-4.1.106.Final
netty-4.1.107.Final
netty-4.1.108.Final
netty-4.1.109.Final
netty-4.1.11.Final
netty-4.1.110.Final
netty-4.1.111.Final
netty-4.1.112.Final
netty-4.1.113.Final
netty-4.1.114.Final
netty-4.1.115.Final
netty-4.1.116.Final
netty-4.1.117.Final
netty-4.1.12.Final
netty-4.1.13.Final
netty-4.1.14.Final
netty-4.1.15.Final
netty-4.1.16.Final
netty-4.1.17.Final
netty-4.1.18.Final
netty-4.1.19.Final
netty-4.1.2.Final
netty-4.1.20.Final
netty-4.1.21.Final
netty-4.1.22.Final
netty-4.1.23.Final
netty-4.1.24.Final
netty-4.1.25.Final
netty-4.1.26.Final
netty-4.1.27.Final
netty-4.1.28.Final
netty-4.1.29.Final
netty-4.1.3.Final
netty-4.1.30.Final
netty-4.1.31.Final
netty-4.1.32.Final
netty-4.1.33.Final
netty-4.1.34.Final
netty-4.1.35.Final
netty-4.1.36.Final
netty-4.1.37.Final
netty-4.1.38.Final
netty-4.1.39.Final
netty-4.1.4.Final
netty-4.1.40.Final
netty-4.1.41.Final
netty-4.1.42.Final
netty-4.1.43.Final
netty-4.1.44.Final
netty-4.1.45.Final
netty-4.1.46.Final
netty-4.1.47.Final
netty-4.1.48.Final
netty-4.1.49.Final
netty-4.1.5.Final
netty-4.1.50.Final
netty-4.1.51.Final
netty-4.1.52.Final
netty-4.1.53.Final
netty-4.1.54.Final
netty-4.1.55.Final
netty-4.1.56.Final
netty-4.1.57.Final
netty-4.1.58.Final
netty-4.1.59.Final
netty-4.1.6.Final
netty-4.1.60.Final
netty-4.1.61.Final
netty-4.1.62.Final
netty-4.1.63.Final
netty-4.1.64.Final
netty-4.1.65.Final
netty-4.1.66.Final
netty-4.1.67.Final
netty-4.1.68.Final
netty-4.1.69.Final
netty-4.1.7.Final
netty-4.1.70.Final
netty-4.1.71.Final
netty-4.1.72.Final
netty-4.1.73.Final
netty-4.1.74.Final
netty-4.1.75.Final
netty-4.1.76.Final
netty-4.1.77.Final
netty-4.1.78.Final
netty-4.1.79.Final
netty-4.1.8.Final
netty-4.1.80.Final
netty-4.1.81.Final
netty-4.1.82.Final
netty-4.1.83.Final
netty-4.1.84.Final
netty-4.1.85.Final
netty-4.1.86.Final
netty-4.1.87.Final
netty-4.1.88.Final
netty-4.1.89.Final
netty-4.1.9.Final
netty-4.1.90.Final
netty-4.1.91.Final
netty-4.1.92.Final
netty-4.1.93.Final
netty-4.1.94.Final
netty-4.1.95.Final
netty-4.1.96.Final
netty-4.1.97.Final
netty-4.1.98.Final
netty-4.1.99.Final
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2025-24970-228f3d02",
"digest": {
"length": 4637.0,
"function_hash": "327196958911654775033233893523275684115"
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"function": "unwrap",
"file": "handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-24970-294fa090",
"digest": {
"length": 463.0,
"function_hash": "35961428334426579318057934398862523417"
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"function": "getEncryptedPacketLength",
"file": "handler/src/main/java/io/netty/handler/ssl/SslUtils.java"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-24970-2a3f3972",
"digest": {
"line_hashes": [
"162836223154286822519253496353188499284",
"238501185824778325453627345215531888854",
"62672348546284849855254185327923350112",
"320518755436094748230072835696608214929",
"179003121674600762513072458184699691939",
"196731808465069326826250163880871164895",
"293768139970147265684483568064234533299",
"130965908581338178125306314952929953915",
"248338465975884435555699957515182847075",
"333028399328314467888469829473538463843",
"87107149554378743346270687220902522077",
"241010605719727007919221410589938074155",
"223201046909084534404342400163692306576",
"258978568152302968701904977486953637627",
"232590064636015548535185188991395605460",
"316275991008523866985873855084387913988",
"286971859537041867608312487328523026957",
"69640216362252378065488793001829424164",
"81778266504181631504650719252689267253",
"150017662555551297681444884776194248364",
"320932067500803612378441545534588179594",
"90948703836096124585039959699072361771",
"66307236719238303910096912021913734331",
"105022341408594805260448965249385112939",
"298975607911669047145762000111150490084",
"291278352054221005315856813849142535206",
"164018156464638368950442439347617538011",
"198612421374880620182625133854328550531",
"332053462910457597059881847874570019327",
"241010605719727007919221410589938074155",
"223201046909084534404342400163692306576"
],
"threshold": 0.9
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"file": "handler/src/main/java/io/netty/handler/ssl/SslUtils.java"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-24970-cd0e8eda",
"digest": {
"line_hashes": [
"61847757038835109877109668388264418431",
"56798105024475689476437797826150727290",
"244903697137627885139415911912138090441"
],
"threshold": 0.9
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"file": "handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-24970-eb7c333f",
"digest": {
"length": 1339.0,
"function_hash": "194913597819912680929490010766117765141"
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"function": "getEncryptedPacketLength",
"file": "handler/src/main/java/io/netty/handler/ssl/SslUtils.java"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-24970-f95553ac",
"digest": {
"length": 1064.0,
"function_hash": "261304627989985208892904449465046704902"
},
"source": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"signature_version": "v1",
"target": {
"function": "getEncryptedPacketLength",
"file": "handler/src/main/java/io/netty/handler/ssl/SslUtils.java"
},
"deprecated": false,
"signature_type": "Function"
}
]
}