Vanessa Haro created CASSANDRA-20455:
----------------------------------------
Summary: [CVE-2025-24970 netty-handler] bump netty to
4.1.119.Final or greater
Key: CASSANDRA-20455
URL: https://issues.apache.org/jira/browse/CASSANDRA-20455
Project: Apache Cassandra
Issue Type: Bug
Components: Dependencies
Reporter: Vanessa Haro
netty 4.1.117 and below have
[CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970], which is fixed
in 4.1.118+.
Impact: When a specially crafted packet is received via SslHandler, it doesn't
correctly handle validation of such a packet in all cases, which can lead to a
native crash.
See advisory:
* [https://github.com/advisories/GHSA-4g8c-wm8x-jfhw]
* [https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw]
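One way to check a node for the affected dependency, as an added example that is not part of the original issue or the Cassandra project's code: it reads jar file names from a lib directory and flags netty-handler or netty-all versions older than the 4.1.118 fix named in the description. The artifact names checked, the file-name pattern and the sample listing are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# First fixed release according to the issue text ("fixed in 4.1.118+").
FIXED = (4, 1, 118)

# netty-handler carries SslHandler; netty-all bundles it (assumption: these
# are the only two artifact names worth checking). The anchored pattern skips
# siblings such as netty-handler-proxy and netty-tcnative, which has its own
# version line.
JAR_RE = re.compile(r"^(netty-handler|netty-all)-(\d+)\.(\d+)\.(\d+)\.\w+\.jar$")


def parse_jar(name):
    """Return (artifact, (major, minor, patch)) or None for unrelated files."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))


def find_affected(jar_names):
    """Return sorted (jar name, version) pairs that are older than FIXED."""
    hits = []
    for name in jar_names:
        parsed = parse_jar(name)
        if parsed and parsed[1] < FIXED:
            hits.append((name, ".".join(map(str, parsed[1]))))
    return sorted(hits)


# Constructed sample listing, not taken from any real Cassandra release.
SAMPLE = [
    "netty-handler-4.1.117.Final.jar",
    "netty-handler-proxy-4.1.96.Final.jar",
    "netty-all-4.1.58.Final.jar",
    "netty-handler-4.1.119.Final.jar",
    "netty-tcnative-boringssl-static-2.0.61.Final.jar",
    "guava-32.0.1-jre.jar",
]

if __name__ == "__main__":
    # With a directory argument, scan its jars; otherwise use the sample.
    names = [p.name for p in Path(sys.argv[1]).glob("*.jar")] if len(sys.argv) > 1 else SAMPLE
    for jar, version in find_affected(names):
        print(f"AFFECTED {jar} (netty {version} < {'.'.join(map(str, FIXED))})")
```

File names only show what is on disk; a shaded or repackaged copy of netty inside another jar would not be found this way.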