Severity: 7.5 HIGH
EPSS: 0.1% (top 77.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 20 | Latest update Jan 15

Description

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.

Example scenarios:
- Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue.
- Kafka cluster with SASL authentication: Any clients able to es

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Affected from | Fixed in
NVD | apache/kafka | 2.8.0 | 2.8.2 (+3 more)
Maven | org.apache.kafka:kafka | 2.8.0 | 2.8.2 (+3 more)

🔴 Vulnerability Details (3)

GHSA | Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service | 2022-09-21
OSV | Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service | 2022-09-21
CVEList | Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers | 2022-09-20

📋 Vendor Advisories (2)

Oracle | Oracle Communications Applications Risk Matrix: Security (Apache Kafka), CVE-2022-34917 | 2023-01-15
Red Hat | Kafka: Unauthenticated clients may cause OutOfMemoryError on brokers | 2022-09-19

CVE-2022-34917 (HIGH CVSS 7.5) | cvebase.io