[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

A. Sophie Blee-Goldman (Jira) Thu, 20 Oct 2022 17:06:05 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


A. Sophie Blee-Goldman updated KAFKA-14324:
-------------------------------------------
    Fix Version/s: 3.4.0

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --------------------------------------------------
>
>                 Key: KAFKA-14324
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14324
>             Project: Kafka
>          Issue Type: Bug
>          Components: streams
>    Affects Versions: 3.1.2, 3.2.3, 3.3.1
>            Reporter: VZhang
>            Priority: Critical
>             Fix For: 3.4.0
>
>
> Hi, Team
> There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been 
> fixed by 
> [https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
> [https://nvd.nist.gov/vuln/detail/cve-2018-25032]
> *Current Description:* 
> zlib before 1.2.12 allows memory corruption when deflating (i.e., when 
> compressing) if the input has many distant matches.
> CVE-2018-25032 - CVSS Score:{*}7.5{*} (v3.0) (zlib-1.2.11)
> Please help to upgrade the rocksdb.
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

Reply via email to