CVE-2016-4970: Infinite Loop for SSL Handler

April 13, 2017 (updated September 30, 2019)

handler/ssl/OpenSslEngine.java in this package allows remote attackers to cause a denial of service (infinite loop).

References

netty.io/news/2016/06/07/4-0-37-Final.html
netty.io/news/2016/06/07/4-1-1-Final.html

Code Behaviors & Features

Detect and mitigate CVE-2016-4970 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →