CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
81.9%
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
www.openwall.com/lists/oss-security/2023/09/29/6
github.com/advisories/GHSA-rhrv-645h-fjfh
github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
nvd.nist.gov/vuln/detail/CVE-2023-39410
security.netapp.com/advisory/ntap-20240621-0006
www.openwall.com/lists/oss-security/2023/09/29/6