Posted to issues@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2021/05/06 09:20:00 UTC

[jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-4285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Damien Diederen resolved ZOOKEEPER-4285.
----------------------------------------
      Assignee: Damien Diederen
    Resolution: Invalid

Hi [~priyavj],

ZooKeeper releases do not bundle the GNU C library, nor native binaries, so I don't see how this report could be lifted on our side.  If you have installed some kind of ZooKeeper package provided by a distributor, I would suggest raising the issue with them.

(Of course, feel free to reopen if I missed something.)

Best, -D

> High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4285
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4285
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: priya Vijay
>            Assignee: Damien Diederen
>            Priority: Major
>
> On running the Clair scanner for ZooKeeper 3.6.1, the following high-priority vulnerability is reported:
> CVE-2019-25013  [https://nvd.nist.gov/vuln/detail/CVE-2019-25013]
>  details: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)