[
https://issues.apache.org/jira/browse/KAFKA-14063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Manikumar updated KAFKA-14063:
------------------------------
Summary: CVE-2022-34917: Kafka message parsing can cause ooms with small
antagonistic payloads (was: Kafka message parsing can cause ooms with small
antagonistic payloads)
> CVE-2022-34917: Kafka message parsing can cause ooms with small antagonistic
> payloads
> -------------------------------------------------------------------------------------
>
> Key: KAFKA-14063
> URL: https://issues.apache.org/jira/browse/KAFKA-14063
> Project: Kafka
> Issue Type: Bug
> Components: generator
> Affects Versions: 3.2.0
> Reporter: Daniel Collins
> Priority: Major
> Fix For: 2.8.2, 3.3.0, 3.0.2, 3.1.2, 3.2.3
>
>
> When parsing code receives a payload for a variable length field where the
> length is specified in the code as some arbitrarily large number (assume
> INT32_MAX for example) this will immediately try to allocate an ArrayList to
> hold this many elements, before checking whether this is a reasonable array
> size given the available data.
> The fix for this is to instead throw a runtime exception if the length of a
> variably sized container exceeds the amount of remaining data. Then, the
> worst a user can do is force the server to allocate 8x the size of the actual
> delivered data (if they claim there are N elements for a container of Objects
> (i.e. not a byte string) and each Object bottoms out in an 8 byte pointer in
> the ArrayList's backing array).
> This was identified by fuzzing the kafka request parsing code.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
