303 matches found
ROOT-APP-MAVEN-CVE-2024-47561 CVE-2024-47561 in io.root.org.apache.avro:avro - Patched by Root
Root has patched CVE-2024-47561 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-39410 CVE-2023-39410 in io.root.org.apache.avro:avro - Patched by Root
Root has patched CVE-2023-39410 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-46384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker- controlled 64-bit values from the wire format and either...
Linux Distros Unpatched Vulnerability : CVE-2026-46385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking...
CVE-2026-46385
A flaw was found in the Avro array and map decoding logic in Go Avro. The decoder failed to properly stop processing after encountering read errors while iterating over attacker-controlled block-count values, leading to excessive resource consumption. A remote unauthenticated attacker could explo...
CVE-2026-46384
An integer overflow flaw was found in Go Avro in decoding logic. Multiple decoder paths performs unsafe integer conversions and overflow-prone arithmetic operations on attacker-controlled values from Avro payloads. A remote attacker during Avro decoder operations could exploit this issue using...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...
CVE-2026-46385
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
CVE-2026-46384
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...
CVE-2026-46385
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...