karafka-rdkafka is vulnerable to Heap-based Buffer Overflow
84
High Risk
The package's native admin result parsing used an incorrect out-parameter size (:int32 instead of librdkafka's size_t), which can write past allocated memory and cause heap overflow/undefined behavior on every admin operation result parse. The update fixes this sizing mismatch, and also corrects native lifetime/cleanup for admin background events and related handle/error paths to prevent deadlocks and native memory leaks/double-frees.
You are affected if you are using a version that falls within the vulnerable range.
karafka-rdkafka is vulnerable to Heap-based Buffer Overflow in versions 0.0.0 - 0.27.2.
Upgrade the karafka-rdkafka library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant