CVE-2022-36124
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses...
Design/Logic Flaw
It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue...
Memory corruption
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses...
CVE-2022-36125
CVE-2022-36125 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (formerly avro-rs). The root cause is an integer overflow when reading corrupted .avro files, leading to a crash/panic. Remediation: upgrade to apache-avro version 0.14.0, which addresses the issue. The vulner...
CVE-2022-36125 Integer overflow when reading corrupted .avro file in Avro Rust SDK
It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-36124 Memory overconsumption in Avro Rust SDK
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses...
CVE-2022-36124
The CVE-2022-36124 issue affects the Apache Avro Rust SDK, where a Reader can consume memory beyond allowed constraints, causing system out-of-memory conditions. Concrete details from connected documents show that the vulnerability impacts Rust applications using the Avro Rust SDK prior to versio...
CVE-2022-35724 Denial of service while reading data in Avro Rust SDK
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-35724
CVE-2022-35724 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0. The issue allows crafted input data to cause the reader to loop in cycles, consuming CPU and enabling denial of service. The fix is upgrading to apache-avro version 0.14.0 (or later). No exploitation details ...
Apache Avro Input Validation Error Vulnerability
Apache Avro is a data serialization system from the Apache Foundation, Inc. A denial of service vulnerability exists in versions of Apache Avro Rust prior to 0.14.0, which stems from an integer overflow when reading corrupted .avro files in the Avro Rust SDK, and can be exploited by an attacker t...
Apache Avro Security Vulnerability
Apache Avro is a data serialization system of the United States Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which originates from consuming more memory than...
PT-2022-23211 · Apache · Apache Avro Rust Sdk
Name of the Vulnerable Software and Affected Versions: Apache Avro Rust SDK versions prior to 0.14.0
Description: The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK...
Apache Avro Security Vulnerability
Apache Avro is a data serialization system of the United States Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which stems from the reader looping endlessly in ...
ROS-20220804-01
A vulnerability in the Rust language standard library is related to the race condition in the std::fs::remove_dir_all function. Exploitation of the vulnerability could allow an attacker acting remotely to achieve deletion of arbitrary system files and directories that an attacker would not normally...
Manjusaka – Cybercriminal’s new attack framework weapon
Summary: Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family implants are written in the Rust programming language and are compatible with Windows and Linux. The command and...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +608 more potentially affected by CVE-2022-35737 via libsqlite3-sys (>=0.0.10 <=0.24.2)
libsqlite3-sys CARGO version =0.0.10, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =0.0.1, =0.1.0, =0.0.2, =0.2.11, =0.1.0, =0.1.2 and more Source cves: CVE-2022-35737 Source advisory: OSV:RUSTSEC-2022-0090...
Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike
Researchers have disclosed a new offensive framework referred to as Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in Golang with a User Interface in Simplified Chinese, is freely available and can...
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants...
CVE-2022-35922
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...