[jira] [Updated] (KAFKA-2878) Kafka broker throws OutOfMemory exception with invalid join group request

Ismael Juma (JIRA) Thu, 18 Feb 2016 01:27:28 -0800

     [ 
https://issues.apache.org/jira/browse/KAFKA-2878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ismael Juma updated KAFKA-2878:
-------------------------------
    Fix Version/s: 0.9.0.1

> Kafka broker throws OutOfMemory exception with invalid join group request
> -------------------------------------------------------------------------
>
>                 Key: KAFKA-2878
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2878
>             Project: Kafka
>          Issue Type: Bug
>          Components: clients
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.1, 0.9.1.0
>
>
> Array allocation for join group request doesn't have any checks and hence can 
> result in OutOfMemory exception in the broker. Array size from the request 
> should be validated to avoid DoS attacks on a secure installation of Kafka.
> {quote}
> at org/apache/kafka/common/protocol/types/ArrayOf.read(ArrayOf.java:44)
> at org/apache/kafka/common/protocol/types/Schema.read(Schema.java:69)
> at 
> org/apache/kafka/common/protocol/ProtoUtils.parseRequest(ProtoUtils.java:60)
> at 
> org/apache/kafka/common/requests/JoinGroupRequest.parse(JoinGroupRequest.java:144)
> at 
> org/apache/kafka/common/requests/AbstractRequest.getRequest(AbstractRequest.java:55)
>  
> at kafka/network/RequestChannel$Request.<init>(RequestChannel.scala:78)
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KAFKA-2878) Kafka broker throws OutOfMemory exception with invalid join group request

Reply via email to