5 matches found
CVE-2023-37475 vulnerabilities
Vulnerabilities for packages: argo-events, argo-events-fips...
CVE-2023-37475 vulnerabilities
Vulnerabilities for packages: argo-events...
CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro
Hamba avro is a Go encoder/decoder implementation of the Avro codec specification. In affected versions, a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory, which is unrecoverable and can cause denial of service of the...
CVE-2023-37475
CVE-2023-37475 affects the Go library hamba/avro, where a crafted string passed to Unmarshal() can trigger uncontrolled memory allocation, leading to denial of service. Root cause: the Unmarshal() path uses input data to size allocations, allowing memory exhaustion and potential crash. A fix is i...
CVE-2023-37475
creationtimestamp| type| source
---|---|---
2023-07-16 17:27:09+00:00| published-proof-of-concept| https://github.com/hamba/avro/security/advisories/GHSA-9x44-9pgq-cf45
2023-07-17 20:40:37+00:00| seen| https://t.me/cibsecurity/66852...