Apache Kafka allows malicious unauthenticated clients to allocate large amounts of memory on brokers, which can lead to an OutOfMemoryException and cause a denial of service.

The following authentication configurations are affected:

Kafka cluster without authentication: any client able to establish a network connection to a broker can trigger the issue.
Kafka cluster with SASL authentication: any client able to establish a network connection to a broker, without needing valid SASL credentials, can trigger the issue.
Kafka cluster with TLS authentication: only clients able to successfully authenticate via TLS can trigger the issue.
This issue has been addressed in the following products:

Red Hat AMQ Streams 2.2.0, via RHSA-2022:6819: https://access.redhat.com/errata/RHSA-2022:6819
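The three exposure classes above depend on which security protocol each broker listener uses. The following script is an added example (not part of this advisory or of the Kafka project) that reads a broker's server.properties and reports, per listener, which clients could trigger the issue according to the advisory's classification. The sample configuration is constructed. It goes one step beyond the advisory text on one point, stated as an assumption: an SSL listener whose effective ssl.client.auth is not "required" performs no client authentication, so it is classed with the unauthenticated case.

```python
"""Added example: classify each Kafka listener by who could trigger the memory-allocation issue.

Classification taken from the advisory:
  PLAINTEXT                 -> any client that can connect
  SASL_PLAINTEXT / SASL_SSL -> any client that can connect, valid SASL credentials not required
  SSL with client auth      -> only clients that authenticate via TLS
Assumption (not stated in the advisory): an SSL listener without ssl.client.auth=required
does not authenticate clients and is treated like an unauthenticated listener.
"""
from __future__ import annotations

UNAUTHENTICATED = "any client that can connect"
SASL_NO_CREDS = "any client that can connect (valid SASL credentials not required)"
TLS_AUTH_ONLY = "only clients that authenticate via TLS"

STANDARD_PROTOCOLS = {"PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"}

# Constructed sample broker configuration; not taken from any real deployment.
SAMPLE_SERVER_PROPERTIES = """\
# constructed example broker config
listeners=PLAINTEXT://0.0.0.0:9092,SASL_SSL://0.0.0.0:9093,SSL://0.0.0.0:9094,INTERNAL://0.0.0.0:9095
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SASL_SSL:SASL_SSL,SSL:SSL,INTERNAL:SSL
ssl.client.auth=required
listener.name.internal.ssl.client.auth=none
"""


def parse_properties(text: str) -> dict[str, str]:
    """Minimal Java .properties parser: key=value or key:value, '#' and '!' start comments."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, sep, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def listener_protocols(props: dict[str, str]) -> dict[str, str]:
    """Map each listener name in 'listeners' to its security protocol.

    Custom listener names must appear in listener.security.protocol.map; names that are
    themselves standard protocol names default to that protocol.
    """
    proto_map: dict[str, str] = {}
    for entry in props.get("listener.security.protocol.map", "").split(","):
        name, sep, proto = entry.partition(":")
        if sep:
            proto_map[name.strip().upper()] = proto.strip().upper()
    result: dict[str, str] = {}
    for entry in props.get("listeners", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        name = entry.split("://", 1)[0].upper()
        proto = proto_map.get(name, name if name in STANDARD_PROTOCOLS else None)
        if proto is None:
            raise ValueError(f"listener {name!r} has no entry in listener.security.protocol.map")
        result[name] = proto
    return result


def ssl_client_auth(props: dict[str, str], listener: str) -> str:
    """Effective ssl.client.auth for a listener: the per-listener override wins over the broker default."""
    override = props.get(f"listener.name.{listener.lower()}.ssl.client.auth")
    value = override if override is not None else props.get("ssl.client.auth", "none")
    return value.lower()


def assess_exposure(props: dict[str, str]) -> dict[str, str]:
    """Return {listener name: description of which clients could trigger the issue}."""
    exposure: dict[str, str] = {}
    for name, proto in listener_protocols(props).items():
        if proto == "PLAINTEXT":
            exposure[name] = UNAUTHENTICATED
        elif proto in ("SASL_PLAINTEXT", "SASL_SSL"):
            exposure[name] = SASL_NO_CREDS
        elif proto == "SSL":
            # Assumption: TLS without mandatory client certificates authenticates nobody.
            required = ssl_client_auth(props, name) == "required"
            exposure[name] = TLS_AUTH_ONLY if required else UNAUTHENTICATED
        else:
            raise ValueError(f"unknown security protocol {proto!r} for listener {name!r}")
    return exposure


if __name__ == "__main__":
    for listener, who in assess_exposure(parse_properties(SAMPLE_SERVER_PROPERTIES)).items():
        print(f"{listener:<10} {who}")
```

Run it against a real server.properties by replacing the constructed sample with the file's contents; any listener reported as reachable by clients that need no credentials remains exposed until the broker is updated to a fixed release such as the one listed above.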