linkedin / cruise-control

Cruise-control is the first of its kind to fully automate the dynamic workload rebalance and self-healing of a Kafka cluster. It provides great value to Kafka users by simplifying the operation of Kafka clusters.
https://github.com/linkedin/cruise-control/tags
BSD 2-Clause "Simplified" License
2.68k stars 574 forks

fix: Fix DoS vulnerability in SnappyInputStream (CVE-2023-43642) #2158

Closed by aswinayyolath 1 month ago

aswinayyolath commented 1 month ago

Signed-off-by: Aswin A <aswin6303@gmail.com>

This commit addresses a DoS vulnerability in SnappyInputStream due to missing chunk size validation.

This PR resolves #2157 (https://github.com/linkedin/cruise-control/issues/2157)

aswinayyolath commented 1 month ago

Dear @CCisGG or someone else, could you please review my pull request?

CCisGG commented 1 month ago

Running internal safety check. Will approve once it passes. Thanks for the work!