You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "sihuanx (Jira)" <ji...@apache.org> on 2020/04/13 12:34:00 UTC
[jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free
vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to
cause a denial of service (crash) via a crafted bzip2 file, related to
block ends set to before the start of the block.
sihuanx created KAFKA-9858:
------------------------------
Summary: CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Key: KAFKA-9858
URL: https://issues.apache.org/jira/browse/KAFKA-9858
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 2.4.1, 2.3.1, 2.2.2
Reporter: sihuanx
I'm not sure whether CVE-2016-3189 affects kafka 2.4.1 or not? This vulnerability was related to rocksdbjni-5.18.3.jar which is compiled with *bzip2 .*
Or is there any task or plan to fix it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)