Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-34917

Опубликовано: 20 сент. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*
Версия от 2.8.0 (включая) до 2.8.2 (исключая)
cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*
Версия от 3.0.0 (включая) до 3.0.2 (исключая)
cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*
Версия от 3.1.0 (включая) до 3.1.2 (исключая)
cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*
Версия от 3.2.0 (включая) до 3.2.3 (исключая)

EPSS

Процентиль: 22%
0.00072
Низкий

7.5 High

CVSS3

Дефекты

CWE-789
CWE-770

Связанные уязвимости

redhat логотип

CVE-2022-34917

CVSS3: 7.5
redhat
больше 3 лет назад

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

debian логотип

CVE-2022-34917

CVSS3: 7.5
debian
больше 3 лет назад

A security vulnerability has been identified in Apache Kafka. It affec ...

github логотип

GHSA-c9h3-c6qj-hh7q

CVSS3: 7.5
github
больше 3 лет назад

Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service

fstec логотип

BDU:2023-00007

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость диспетчера сообщений Apache Kafka, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.00072
Низкий

7.5 High

CVSS3

Дефекты

CWE-789
CWE-770