You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Bruno Cadonna (Jira)" <ji...@apache.org> on 2023/01/25 10:13:00 UTC
[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bruno Cadonna updated KAFKA-14324:
----------------------------------
Fix Version/s: 3.2.4
3.1.3
3.0.3
3.3.2
> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --------------------------------------------------
>
> Key: KAFKA-14324
> URL: https://issues.apache.org/jira/browse/KAFKA-14324
> Project: Kafka
> Issue Type: Bug
> Components: streams
> Affects Versions: 3.1.2, 3.2.3, 3.3.1
> Reporter: VZhang
> Assignee: Christo Lolov
> Priority: Critical
> Fix For: 3.4.0, 3.3.2, 3.2.4, 3.1.3, 3.0.3
>
> Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 6.29.4.1_to_7.7.3_compat_report.html
>
>
> Hi, Team
> There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been fixed by [https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
> [https://nvd.nist.gov/vuln/detail/cve-2018-25032]
> *Current Description:*
> zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
> CVE-2018-25032 - CVSS Score:{*}7.5{*} (v3.0) (zlib-1.2.11)
> Please help to upgrade the rocksdb.
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)