Vishal created KAFKA-18820:
------------------------------
Summary: CVE-2025-24970 [netty-handler] [4.1.111.Final]
Key: KAFKA-18820
URL: https://issues.apache.org/jira/browse/KAFKA-18820
Project: Kafka
Issue Type: Bug
Affects Versions: 3.9.0, 3.6.3, 3.8.2, 3.7.3
Reporter: Vishal
Netty, an asynchronous, event-driven network application framework, has a
vulnerability starting in version 4.1.91.Final and prior to version
4.1.118.Final. When a special crafted packet is received via SslHandler it
doesn't correctly handle validation of such a packet in all cases which can
lead to a native crash. Version 4.1.118.Final contains a patch. As workaround
its possible to either disable the usage of the native SSLEngine or change the
code manually.
*NVD URL :* [https://nvd.nist.gov/vuln/detail/CVE-2025-24970]
*Fix Version :* 4.1.118.Final
_This issue was created with the help of static security scanners._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
