{"uuid": "d3814ddd-92b5-4164-9601-22bc1a7aed10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-4G8C-WM8X-JFHW", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4940", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24970\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.\n\ud83d\udccf Published: 2025-02-10T21:57:28.730Z\n\ud83d\udccf Modified: 2025-02-21T18:03:37.212Z\n\ud83d\udd17 References:\n1. https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw\n2. https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", "creation_timestamp": "2025-02-21T18:18:55.000000Z"}