[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christo Lolov reassigned KAFKA-14324:
-------------------------------------

    Assignee: Christo Lolov

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --------------------------------------------------
>
>                 Key: KAFKA-14324
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14324
>             Project: Kafka
>          Issue Type: Bug
>          Components: streams
>    Affects Versions: 3.1.2, 3.2.3, 3.3.1
>            Reporter: VZhang
>            Assignee: Christo Lolov
>            Priority: Critical
>             Fix For: 3.4.0
>
>         Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 6.29.4.1_to_7.7.3_compat_report.html
>
>
> Hi, Team
> There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been fixed by
> [https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
> [https://nvd.nist.gov/vuln/detail/cve-2018-25032]
> *Current Description:*
> zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
> CVE-2018-25032 - CVSS Score: *7.5* (v3.0) (zlib-1.2.11)
> Please help to upgrade the rocksdb.
> Thanks

--
This message was sent by Atlassian Jira (v8.20.10#820010)