[jira] [Updated] (SOLR-17826) Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or previous)

Wed, 23 Jul 2025 04:45:19 -0700 


     [ 
https://issues.apache.org/jira/browse/SOLR-17826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Raja lalwani updated SOLR-17826:
--------------------------------
    Description: 
h3. *Details of the Issue*
 * {*}CVE ID{*}: 
[CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970] 

 * {*}Affected Solr Version{*}: <= 9.8.1

 * {*}Vulnerable Dependency{*}: Netty 4.1.114

 * {*}Impact{*}: When a special crafted packet is received via SslHandler it 
doesn't correctly handle validation of such a packet in all cases which can 
lead to a native crash.

 * {*}Fix{*}: Upgrade Netty to *4.1.118.Final* (or the version addressing this 
CVE).

  was:
h3. *Details of the Issue*
 * {*}CVE ID{*}: 
[CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970] 

 * {*}Affected Solr Version{*}: < 9.8.1

 * {*}Vulnerable Dependency{*}: Netty 4.1.114

 * {*}Impact{*}: When a special crafted packet is received via SslHandler it 
doesn't correctly handle validation of such a packet in all cases which can 
lead to a native crash.

 * {*}Fix{*}: Upgrade Netty to *4.1.118.Final* (or the version addressing this 
CVE).


> Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or previous)
> ---------------------------------------------------------------
>
>                 Key: SOLR-17826
>                 URL: https://issues.apache.org/jira/browse/SOLR-17826
>             Project: Solr
>          Issue Type: Task
>          Components: SolrCloud
>            Reporter: Raja lalwani
>            Priority: Major
>
> h3. *Details of the Issue*
>  * {*}CVE ID{*}: 
> [CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970] 
>  * {*}Affected Solr Version{*}: <= 9.8.1
>  * {*}Vulnerable Dependency{*}: Netty 4.1.114
>  * {*}Impact{*}: When a special crafted packet is received via SslHandler it 
> doesn't correctly handle validation of such a packet in all cases which can 
> lead to a native crash.
>  * {*}Fix{*}: Upgrade Netty to *4.1.118.Final* (or the version addressing 
> this CVE).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to