[jira] [Created] (SOLR-17826) Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or previous)

Raja lalwani (Jira) Wed, 23 Jul 2025 04:42:46 -0700

Raja lalwani created SOLR-17826:
-----------------------------------

             Summary: Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or 
previous)
                 Key: SOLR-17826
                 URL: https://issues.apache.org/jira/browse/SOLR-17826
             Project: Solr
          Issue Type: Task
          Components: SolrCloud
            Reporter: Raja lalwani



h3. *Details of the Issue*
 * {*}CVE ID{*}: 
[CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970] 

 * {*}Affected Solr Version{*}: < 9.8.1

 * {*}Vulnerable Dependency{*}: Netty 4.1.114

 * {*}Impact{*}: When a special crafted packet is received via SslHandler it 
doesn't correctly handle validation of such a packet in all cases which can 
lead to a native crash.

 * {*}Fix{*}: Upgrade Netty to *4.1.118.Final* (or the version addressing this 
CVE).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (SOLR-17826) Upgrade Netty to fix CVE-2025-24970 in Solr 9.8.1 (or previous)

Reply via email to