7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
82.0%
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
www.openwall.com/lists/oss-security/2023/09/29/6
github.com/apache/avro
github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
nvd.nist.gov/vuln/detail/CVE-2023-39410
security.netapp.com/advisory/ntap-20240621-0006
www.openwall.com/lists/oss-security/2023/09/29/6