Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-18649

netty-all vulnerability: CVE-2023-34462

    XMLWordPrintableJSON

Details

    Description

      This is failing owasp:

      https://nvd.nist.gov/vuln/detail/CVE-2023-34462

      The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap.

      Attachments

        Activity

          People

            brandon.williams Brandon Williams
            brandon.williams Brandon Williams
            Brandon Williams
            Berenguer Blasi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: