
Libcurl and OpenSSL Vulnerabilities in librdkafka

Open HadhemiDD opened this issue 1 year ago • 0 comments

Description

LibCurl CVE-2024-7264

Librdkafka uses libcurl 8.8.0, but this version is impacted by the CVE-2024-7264 vulnerability and should therefore be upgraded to version 8.9.1 or higher.

OpenSSL CVE-2024-6119 CVE-2024-5535 CVE-2024-4741 CVE-2024-4603 CVE-2024-2511

Librdkafka uses OpenSSL 3.0.13, but this version is impacted by a few vulnerabilities indicated above, so they should upgrade to 3.0.15: Release note

How to reproduce

No need, it is part of the librdkafka code: code link for libcurl, code link for openssl

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

  • [x] librdkafka version (release number or git tag): v2.5.0

HadhemiDD, Sep 26 '24 16:09