[KAFKA-14324] [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.1.2, 3.2.3, 3.3.1
Fix Version/s: 3.4.0, 3.3.2, 3.2.4, 3.1.3, 3.0.3
Component/s: streams
Labels:
None

Description

Hi, Team
There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been fixed by https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b

https://nvd.nist.gov/vuln/detail/cve-2018-25032

Current Description:

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2018-25032 - CVSS Score:7.5 (v3.0) (zlib-1.2.11)

Please help to upgrade the rocksdb.
Thanks

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

6.29.4.1_to_7.1.2_compat_report.html
26/Oct/22 06:38
211 kB
VZhang
6.29.4.1_to_7.7.3_compat_report.html
26/Oct/22 06:38
265 kB
VZhang

Issue Links

links to

GitHub Pull Request #12809

GitHub Pull Request #12925

Activity

People

Assignee:: Christo Lolov

Reporter:: VZhang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Oct/22 01:21

Updated:: 09/May/23 06:41

Resolved:: 15/Nov/22 11:51