Improper Input Validation

CVE-2025-24970

High

7.5/10

Summary

Netty, an asynchronous, event-driven network application framework, has a vulnerability in version 4.1.91.Final through 4.1.117.Final and 4.2.0.Alpha1 through 4.2.0.RC2. When a specially crafted packet is received via SslHandler, it doesn't correctly handle the validation of such a packet in all cases, which can lead to a native crash. As a workaround, it's possible to either disable the usage of the native SSLEngine or change the code manually.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory

Advisory Timeline

Published Feb 10, 2025

Improper Input Validation

CVE-2025-24970

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS