Hi there,

I think the method io.netty.handler.ssl.OpenSslEngine.wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst) may have a "Loop with Unreachable Exit Condition ('Infinite Loop')" vulnerability, which is vulnerable in org.apache.zeppelin:zeppelin-scio_2.11 before version 0.8.2. It shares similarities with a recent CVE disclosure, *CVE-2016-4970*, in the same *"netty/netty"* project.

The source vulnerability information is as follows:

> *Vulnerability Detail:*
>
> *CVE Identifier:* CVE-2016-4970
>
> *Description*: handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
>
> *Reference:* https://nvd.nist.gov/vuln/detail/CVE-2016-4970
>
> *Patch*: https://github.com/netty/netty/commit/9e2c400f89c5badc39919f811179d3d42ac5257c

*Vulnerability Description:* The vulnerability is present in the method wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst) of the class io.netty.handler.ssl.OpenSslEngine, which is responsible for encrypting one or more input ByteBuffer objects using SSL/TLS and writing the result to the destination ByteBuffer object. *But the code snippet in this method is similar to the vulnerable snippet for* CVE-2016-4970 and may have the same consequence as CVE-2016-4970: allows remote attackers to cause a denial of service (infinite loop). Therefore, maybe you need to fix the vulnerability with much the same fix code as the CVE-2016-4970 patch.

Considering the potential risks it may have, I am willing to cooperate with you to verify, address, and report the identified vulnerability promptly through responsible means. If you require any further information or assistance, please do not hesitate to reach out to me.

Thank you, and I look forward to hearing from you soon.

Best regards,
Yiheng Cao