CVE-2022-34917— Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-34917
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的内存分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Kafka 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Kafka是美国阿帕奇(Apache)基金会的一套开源的分布式流媒体平台。该平台能够获取实时数据,用于构建对数据流的变化进行实时反应的应用程序。 Apache Kafka存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Kafka | Apache Kafka 2.8.0 2.8.0 | - |
II. Public POCs for CVE-2022-34917
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-34917
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Apache Kafka
- CVE-2026-33557
Apache Kafka: Missing JWT token validation in OAUTHBEARER au - CVE-2026-33558
Apache Kafka, Apache Kafka Clients: Information Exposure Thr - CVE-2025-27819
Apache Kafka: Possible RCE/Denial of service attack via SASL - CVE-2025-27818
Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginMod - CVE-2024-56128
Apache Kafka: SCRAM authentication vulnerable to replay atta
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-789
- CVE-2021-47944
memono Notepad 4.2 Denial of Service via Buffer Overflow - CVE-2026-42241
ParquetSharp: Possible Stack Overflow When Reading a Parquet - CVE-2026-43868
Apache Thrift: Rust implementation vulnerable to CVE-2020-13 - CVE-2026-42146
CImg Library: Uncontrolled memory allocation via nb_colors f - CVE-2026-42440
Apache OpenNLP: OOM DoS via Unbounded Array Allocation in Ab
V. Comments for CVE-2022-34917
No comments yet