Raja lalwani created SOLR-17826:
-----------------------------------
Summary: Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or
previous)
Key: SOLR-17826
URL: https://issues.apache.org/jira/browse/SOLR-17826
Project: Solr
Issue Type: Task
Components: SolrCloud
Reporter: Raja lalwani
h3. *Details of the Issue*
* {*}CVE ID{*}:
[CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970]
* {*}Affected Solr Version{*}: < 9.8.1
* {*}Vulnerable Dependency{*}: Netty 4.1.114
* {*}Impact{*}: When a special crafted packet is received via SslHandler it
doesn't correctly handle validation of such a packet in all cases which can
lead to a native crash.
* {*}Fix{*}: Upgrade Netty to *4.1.118.Final* (or the version addressing this
CVE).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
