[
https://issues.apache.org/jira/browse/KAFKA-9858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
sihuanx updated KAFKA-9858:
---------------------------
Description:
I'm not sure whether CVE-2016-3189 affects kafka 2.4.1 or not? This
vulnerability was related to rocksdbjni-5.18.3.jar which is compiled with
*bzip2 .*
Is there any task or plan to fix it?
was:
I'm not sure whether CVE-2016-3189 affects kafka 2.4.1 or not? This
vulnerability was related to rocksdbjni-5.18.3.jar which is compiled with
*bzip2 .*
Or is there any task or plan to fix it.
> CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6
> allows remote attackers to cause a denial of service (crash) via a crafted
> bzip2 file, related to block ends set to before the start of the block.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KAFKA-9858
> URL: https://issues.apache.org/jira/browse/KAFKA-9858
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 2.2.2, 2.3.1, 2.4.1
> Reporter: sihuanx
> Priority: Major
>
> I'm not sure whether CVE-2016-3189 affects kafka 2.4.1 or not? This
> vulnerability was related to rocksdbjni-5.18.3.jar which is compiled with
> *bzip2 .*
> Is there any task or plan to fix it?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
