Package details: pkg:maven/org.apache.kafka/kafka_2.10@3.1.0
purl pkg:maven/org.apache.kafka/kafka_2.10@3.1.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-fcsz-ec5x-3kgc
Aliases:
CVE-2022-34917
GHSA-c9h3-c6qj-hh7q
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.

Example scenarios:
- Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue.
- Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue.
- Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue.

We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

Fixed by:
3.1.2
Affected by 0 other vulnerabilities.
3.2.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date: 2026-04-03T21:27:50.204137+00:00
Actor: GitLab Importer
Action: Affected by
Vulnerability: VCID-fcsz-ec5x-3kgc
Source: https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kafka/kafka_2.10/CVE-2022-34917.yml
VulnerableCode Version: 38.1.0