You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Bruno Cadonna (Jira)" <ji...@apache.org> on 2023/01/25 10:13:00 UTC

[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

     [ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Cadonna updated KAFKA-14324:
----------------------------------
    Fix Version/s: 3.2.4
                   3.1.3
                   3.0.3
                   3.3.2

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --------------------------------------------------
>
>                 Key: KAFKA-14324
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14324
>             Project: Kafka
>          Issue Type: Bug
>          Components: streams
>    Affects Versions: 3.1.2, 3.2.3, 3.3.1
>            Reporter: VZhang
>            Assignee: Christo Lolov
>            Priority: Critical
>             Fix For: 3.4.0, 3.3.2, 3.2.4, 3.1.3, 3.0.3
>
>         Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 6.29.4.1_to_7.7.3_compat_report.html
>
>
> Hi, Team
> There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been fixed by [https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
> [https://nvd.nist.gov/vuln/detail/cve-2018-25032]
> *Current Description:* 
> zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
> CVE-2018-25032 - CVSS Score:{*}7.5{*} (v3.0) (zlib-1.2.11)
> Please help to upgrade the rocksdb.
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)