[
https://issues.apache.org/jira/browse/CASSANDRA-18649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-18649:
-----------------------------------------
Description:
This is failing owasp:
https://nvd.nist.gov/vuln/detail/CVE-2023-34462
{quote}
The `SniHandler` can allocate up to 16MB of heap for each channel during the
TLS handshake. When the handler or the channel does not have an idle timeout,
it can be used to make a TCP server using the `SniHandler` to allocate 16MB of
heap.
{quote}
was:
This is failing owasp:
https://nvd.nist.gov/vuln/detail/CVE-2023-34462
<quote>
The `SniHandler` can allocate up to 16MB of heap for each channel during the
TLS handshake. When the handler or the channel does not have an idle timeout,
it can be used to make a TCP server using the `SniHandler` to allocate 16MB of
heap.
<quote>
> netty-all vulnerability: CVE-2023-34462
> ---------------------------------------
>
> Key: CASSANDRA-18649
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18649
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.x
>
>
> This is failing owasp:
> https://nvd.nist.gov/vuln/detail/CVE-2023-34462
> {quote}
> The `SniHandler` can allocate up to 16MB of heap for each channel during the
> TLS handshake. When the handler or the channel does not have an idle timeout,
> it can be used to make a TCP server using the `SniHandler` to allocate 16MB
> of heap.
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)