[KAFKA-9858] CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.2, 2.3.1, 2.4.1
Fix Version/s: 3.0.0
Component/s: security
Labels:
None

External issue URL:
https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Description

I'm not sure whether CVE-2016-3189 affects kafka 2.4.1 or not? This vulnerability was related to rocksdbjni-5.18.3.jar which is compiled with bzip2 .

Is there any task or plan to fix it?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: sihuanx

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Apr/20 12:33

Updated:: 29/Jul/21 18:33

Resolved:: 29/Jul/21 18:33