[
https://issues.apache.org/jira/browse/ZOOKEEPER-4285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Damien Diederen resolved ZOOKEEPER-4285.
----------------------------------------
Assignee: Damien Diederen
Resolution: Invalid

Hi [~priyavj],

ZooKeeper releases do not bundle the GNU C library, nor native binaries, so I
don't see how this report could be lifted on our side. If you have installed
some kind of ZooKeeper package provided by a distributor, I would suggest
raising the issue with them.

(Of course, feel free to reopen if I missed something.)

Best, -D

> High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1
> -----------------------------------------------------------------
>
> Key: ZOOKEEPER-4285
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4285
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: priya Vijay
> Assignee: Damien Diederen
> Priority: Major
>
> On running Clair scanner for Zookeeper 3.6.1, the following high priority
> vulnerability is reported:
> CVE-2019-25013 [https://nvd.nist.gov/vuln/detail/CVE-2019-25013]
> details: The iconv feature in the GNU C Library (aka glibc or libc6) through
> 2.32, when processing invalid multi-byte input sequences in the EUC-KR
> encoding, may have a buffer over-read.