What is CVE-2023-34462?

CVE-2023-34462 is a vulnerability in the Netty framework that can lead to a Denial of Service (DoS) attack when exploited. The vulnerability impacts various systems, including those running NetApp products and the Java NIO client/server socket framework.

Who is impacted by CVE-2023-34462?

The CVE-2023-34462 vulnerability affects users of the Netty framework, specifically those using versions up to, but not including, 4.1.94. Additionally, users of the netty package in the oldstable and stable distributions may also be impacted. However, there is no clear information on the affected versions for these distributions. NetApp product users might be affected as well, but the specific affected versions are not mentioned.

What should I do if I’m affected?

If you're affected by the CVE-2023-34462 vulnerability, it's crucial to take action to protect your system. Update your Netty framework to version 4.1.94.Final or later. For NetApp product users, monitor the NetApp advisory for updates and fixes. Debian users should upgrade their netty packages as advised in the Debian security advisory. Contact technical support if you need assistance or have questions.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-34462 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. To address this issue, update the Netty framework to version 4.1.94.Final or later. For Debian users, upgrade the netty package as advised. NetApp product users should monitor the advisory for updates and fixes.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-770 and CWE-400, related to resource allocation and consumption issues in the Netty framework.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• NetApp Product Security

• Markus Koschany