CVE-2021-38153

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38153

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38153.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38153

Aliases

Related

UBUNTU-CVE-2021-38153

Published

2021-09-22T09:15:07Z

Modified

2024-10-15T05:42:19.120204Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.

References

Affected packages

Git / github.com/apache/kafka

Affected ranges

Type: GIT
Repo: https://github.com/apache/kafka
Events: Introduced

3402a8361b7347326b8a9fdb22300986fbbf9cd0

Fixed

c24cbd3f5eeffa1e37a26de37a85d1fb72cdada6

Type: GIT
Repo: https://github.com/quarkusio/quarkus
Events: Introduced

ca1e69e9fbc13d531226a7d7a0cab59e835ee167

Fixed

3e61beaf61737e72ee748bb086506009adf00175