[ https://issues.apache.org/jira/browse/KUDU-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Serbin resolved KUDU-3156.
---------------------------------
    Fix Version/s: n/a
       Resolution: Information Provided

Kudu doesn't use {{LZ4_compress_fast}} call, so it's not affected by CVE-2019-17543.

> Whether the CVE-2019-17543 vulnerability of lz affects kudu
> -----------------------------------------------------------
>
>                 Key: KUDU-3156
>                 URL: https://issues.apache.org/jira/browse/KUDU-3156
>             Project: Kudu
>          Issue Type: Bug
>    Affects Versions: 1.8.0
>            Reporter: yejiabao_h
>            Priority: Major
>             Fix For: n/a
>
>
> LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to
> LZ4_compress_destSize), affecting applications that call LZ4_compress_fast
> with a large input. (This issue can also lead to data corruption.) NOTE: the
> vendor states "only a few specific / uncommon usages of the API are at risk."
>
> Whether the CVE-2019-17543 vulnerability of lz affects kudu? if yes, what is
> the impact?

--
This message was sent by Atlassian Jira
(v8.3.4#803005)