Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-14324

[CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 3.1.2, 3.2.3, 3.3.1
    • 3.4.0, 3.3.2, 3.2.4, 3.1.3, 3.0.3
    • streams
    • None

    Description

      Hi, Team
      There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been fixed by https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b

      https://nvd.nist.gov/vuln/detail/cve-2018-25032

      Current Description:

      zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

      CVE-2018-25032 - CVSS Score:7.5 (v3.0) (zlib-1.2.11)

      Please help to upgrade the rocksdb.
      Thanks

      Attachments

        Activity

          christo_lolov Christo Lolov added a comment -

          Hello vinsonZhang! I prepared a pull request for this and I would be grateful if you could review it

          christo_lolov Christo Lolov added a comment - Hello vinsonZhang ! I prepared a pull request for this and I would be grateful if you could review it

          People

            christo_lolov Christo Lolov
            vinsonZhang VZhang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: