/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-rqpg-8h74-r7j9

Published

Last updated

https://images.chainguard.dev/security/CGA-rqpg-8h74-r7j9
Package

solr

Latest Update
Pending upstream fix
Aliases
  • GHSA-4g8c-wm8x-jfhw

Severity

7.5

High

CVSS V3

Summary

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Description

Impact

When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash.

Workarounds

As workaround its possible to either disable the usage of the native SSLEngine or changing the code from:

SslContext context = ...;
SslHandler handler = context.newHandler(....);

to:

SslContext context = ...;
SSLEngine engine = context.newEngine(....);
SslHandler handler = new SslHandler(engine, ....);

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation