20 matches found
ROOT-APP-MAVEN-CVE-2023-39410 CVE-2023-39410 in io.root.org.apache.avro:avro - Patched by Root
Root has patched CVE-2023-39410 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)
Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...
Security Bulletin: Vulnerability in Apache Avro Java SDK affects watsonx.data
Summary Apache Avro Java SDK is vulnerable to a denial of service attack, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK is vulnerable to a denial of service, caused by an unsafe deserialization flaw. By sending specially crafted...
Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)
Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available updates to RHBQ 3.2.9.Final. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products Red Hat Build of Apache Camel fo...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.9 release and security update
A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...
Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)
Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...
CVE-2023-39410
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
CVE-2023-39410 vulnerabilities
Vulnerabilities for packages: tez, druid, wavefront-proxy, celeborn...
CVE-2023-39410 vulnerabilities
Vulnerabilities for packages: druid, tez, wavefront-proxy, celeborn...
CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
CVE-2023-39410
CVE-2023-39410 describes a memory exhaustion risk when deserializing untrusted data in the Apache Avro Java SDK. Affected: Avro Java SDK up to 1.11.2. Root cause: deserialization can consume memory beyond allowed constraints, leading to out-of-memory DoS. A fix is available in Apache Avro 1.11.3....
CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...