The Apache Kafka® project announced on September 19, 2022 that a security vulnerability has been identified in Apache Kafka, CVE-2022-34917. After being informed of this, Instaclustr began investigating its potential impact on customers of our Apache Kafka offering. This vulnerability allows malicious, unauthenticated clients to allocate large amounts of memory on the brokers. This can lead to OutOfMemoryException in the brokers causing denial of service.
Read on to learn more about the impact and techniques for mitigation.