[jira] [Created] (CASSANDRA-18649) netty-all vulnerability: CVE-2023-34462

Brandon Williams (Jira) Wed, 05 Jul 2023 03:55:04 -0700

Brandon Williams created CASSANDRA-18649:
--------------------------------------------


             Summary: netty-all vulnerability: CVE-2023-34462
                 Key: CASSANDRA-18649
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18649
             Project: Cassandra
          Issue Type: Bug
            Reporter: Brandon Williams


This is failing owasp:

https://nvd.nist.gov/vuln/detail/CVE-2023-34462

<quote>
The `SniHandler` can allocate up to 16MB of heap for each channel during the 
TLS handshake. When the handler or the channel does not have an idle timeout, 
it can be used to make a TCP server using the `SniHandler` to allocate 16MB of 
heap.
<quote>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (CASSANDRA-18649) netty-all vulnerability: CVE-2023-34462

Reply via email to