sihuanx created KAFKA-9858:
------------------------------

             Summary: CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
                 Key: KAFKA-9858
                 URL: https://issues.apache.org/jira/browse/KAFKA-9858
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 2.4.1, 2.3.1, 2.2.2
            Reporter: sihuanx

I'm not sure whether CVE-2016-3189 affects Kafka 2.4.1 or not. This vulnerability was related to rocksdbjni-5.18.3.jar, which is compiled with *bzip2*. Or is there any task or plan to fix it?