[jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

sihuanx (Jira) Mon, 13 Apr 2020 05:34:50 -0700

sihuanx created KAFKA-9858:
------------------------------

             Summary: CVE-2016-3189  Use-after-free vulnerability in 
bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of 
service (crash) via a crafted bzip2 file, related to block ends set to before 
the start of the block.
                 Key: KAFKA-9858
                 URL: https://issues.apache.org/jira/browse/KAFKA-9858
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 2.4.1, 2.3.1, 2.2.2
            Reporter: sihuanx



I'm not sure whether  CVE-2016-3189 affects kafka 2.4.1  or not?  This 
vulnerability  was related to rocksdbjni-5.18.3.jar  which is compiled with 
*bzip2 .* 

Or is there any task or plan to fix it.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Reply via email to