Lucene search
K

301 matches found

EUVD
EUVD
added 2026/05/29 7:58 p.m.11 views

EUVD-2026-33444

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:58 p.m.39 views

CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:58 p.m.33 views

CVE-2026-46384

CVE-2026-46384 affects iskorotkov/avro (Go) prior to v2.33.0. The root causes are integer overflow and narrowing in Avro decoding paths, including: ReadBlockHeader narrowing on 32-bit targets; cumulative size overflow in arrayDecoder.Decode / mapDecoder.Decode / mapDecoderUnmarshaler.Decode; MinI...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:58 p.m.8 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 7:58 p.m.19 views

CVE-2026-46384 iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 7:58 p.m.13 views

EUVD-2026-33443

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:58 p.m.38 views

CVE-2026-46384 iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Avro 资源管理错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to 2.33.0 contained a resource management vulnerability. This vulnerability stemmed from the Avro array and mapping decoders’ tendency to loop through a counter controlled by the attacker without checking the error status of the...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Avro 输入验证错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to Avro 2.33.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from multiple Avro decoder paths reading 64-bit values controlled by an attacker and truncating or using overflow signed intege...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/23 5:41 a.m.5 views

Integer Overflow

github.com/iskorotkov/avro is vulnerable to integer overflow. The vulnerability is due to improper handling of attacker-controlled 64-bit values, integer truncation, and overflow-prone arithmetic in multiple decoder paths, which allows an attacker to exploit untrusted Avro streams to trigger...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/18 4:33 p.m.8 views

GHSA-W8J3-PQ8G-8M7W iskorotkov/avro: CPU Exhaustion in Decoder

CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration Summary The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...

8.7CVSS5.9AI score0.00378EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/18 4:33 p.m.16 views

iskorotkov/avro: CPU Exhaustion in Decoder

CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration Summary The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...

8.7CVSS7.2AI score0.00378EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 4:22 p.m.5 views

GHSA-MC57-H6J3-3HMV iskorotkov/avro: Integer Overflow in Decoder

Integer Overflow in Avro Decoder Summary Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets GOARCH=386, arm, mips,...

8.2CVSS5.9AI score0.00397EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/18 4:22 p.m.20 views

iskorotkov/avro: Integer Overflow in Decoder

Integer Overflow in Avro Decoder Summary Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets GOARCH=386, arm, mips,...

8.7CVSS7.2AI score0.00397EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 12:59 p.m.6 views

GHSA-MX64-MJ3Q-7PRJ iskorotkov/avro: Denial-of-Service Vulnerability in Decoder

Memory Exhaustion via Unbounded Map Allocations in Avro Decoder Summary The Avro map decoder accepted attacker-controlled block-element counts from the wire format and grew the destination map without enforcing an upper bound. The slice decoder already had Config.MaxSliceAllocSize for the...

8.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 12:59 p.m.19 views

iskorotkov/avro: Denial-of-Service Vulnerability in Decoder

Memory Exhaustion via Unbounded Map Allocations in Avro Decoder Summary The Avro map decoder accepted attacker-controlled block-element counts from the wire format and grew the destination map without enforcing an upper bound. The slice decoder already had Config.MaxSliceAllocSize for the...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41799

Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before...

8.7CVSS7.2AI score0.00397EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.18 views

PT-2026-41800

Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Remote, unauthenticated denial-of-service occurs due to CPU exhaustion in the Avro array and map decoders. The issue arises because the...

8.7CVSS7AI score0.00378EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/06 2:59 p.m.101 views

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:25 p.m.6 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Avro Java SDK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.3CVSS7.1AI score0.00602EPSS
Exploits0Affected Software2
Rows per page
Query Builder