Denial of Service (DoS) The advisory has been revoked - it doesn't affect any version of package org.onosproject:onlab-stc  (opens in a new tab)


Threat Intelligence

EPSS
1.18% (85th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGONOSPROJECT-31255
  • published11 Feb 2015
  • disclosed11 Feb 2015
  • creditLaurentiu Luca

Introduced: 11 Feb 2015

CVE-2014-3488  (opens in a new tab)
CWE-835  (opens in a new tab)

Overview

org.onosproject:onlab-stc is a systems test coordinator.

Affected versions of this package are vulnerable to Denial of Service (DoS). The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

References