Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Libcurl and OpenSSL Vulnerabilities in librdkafka #4853

Open
1 task done
HadhemiDD opened this issue Sep 26, 2024 · 0 comments · May be fixed by #4875
Open
1 task done

Libcurl and OpenSSL Vulnerabilities in librdkafka #4853

HadhemiDD opened this issue Sep 26, 2024 · 0 comments · May be fixed by #4875

Comments

@HadhemiDD
Copy link

HadhemiDD commented Sep 26, 2024
edited
Loading

Description

LibCurl
CVE-2024-7264

Librdkafka uses libcurl 8.8.0 , but this version is impacted by the CVE-2024-7264 vulnerability, therefore should be upgraded to version 8.9.1 or higher.

OpenSSL
CVE-2024-6119
CVE-2024-5535
CVE-2024-4741
CVE-2024-4603
CVE-2024-2511

Librdkafka uses OpenSSL 3.0.13 , but this version is impacted by a few vulnerabilities indicated above, so they should upgrade to 3.0.15: Release note

How to reproduce

No need, it is part of the librdkakfka code :
code link for libcurl
code link for openssl

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

  • librdkafka version (release number or git tag): v2.5.0
@emasab emasab linked a pull request Oct 15, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade linux dependencies confluentinc/librdkafka
1 participant
@HadhemiDD