VZhang created KAFKA-14324:
------------------------------
Summary: [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
Key: KAFKA-14324
URL: https://issues.apache.org/jira/browse/KAFKA-14324
Project: Kafka
Issue Type: Bug
Components: streams
Affects Versions: 3.3.1, 3.2.3, 3.1.2
Reporter: VZhang
Hi, Team
There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been
fixed by
[https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
[https://nvd.nist.gov/vuln/detail/cve-2018-25032]
Current Description:
zlib before 1.2.12 allows memory corruption when deflating (i.e., when
compressing) if the input has many distant matches.
CVE-2018-25032 - CVSS Score: 7.5 (v3.0) (zlib-1.2.11)
Please help to upgrade rocksdb.
Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)