Lucene search

K
broadcomBroadcom Security ResponseBSNSA23262
HistoryApr 16, 2024 - 12:00 a.m.

Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)

2024-04-1600:00:00
Broadcom Security Response
support.broadcom.com
19
apache avro
java sdk
improper input validation
cve-2023-39410
deserialization
memory consumption
out of memory
update

AI Score

7.1

Confidence

High

EPSS

0.008

Percentile

81.9%

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

Affected configurations

Vulners
Node
broadcombrocade_sannavRange<2.3.0a
VendorProductVersionCPE
broadcombrocade_sannav*cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*