Lucene search
K

143 matches found

Vulnrichment
Vulnrichment
added 2023/09/29 4:23 p.m.19 views

CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5AI score0.01772EPSS
Exploits0References3
CVE
CVE
added 2023/09/29 4:23 p.m.549 views

CVE-2023-39410

CVE-2023-39410 describes a memory exhaustion risk when deserializing untrusted data in the Apache Avro Java SDK. Affected: Avro Java SDK up to 1.11.2. Root cause: deserialization can consume memory beyond allowed constraints, leading to out-of-memory DoS. A fix is available in Apache Avro 1.11.3....

7.5CVSS7.5AI score0.01772EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/09/29 4:23 p.m.31 views

CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.8AI score0.01772EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2023/09/29 12:0 a.m.26 views

Deserialization of Untrusted Data

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS6.8AI score0.01772EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.4 views

Apache Avro Code Issue Vulnerability

Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A code issue vulnerability exists in Apache Avro Java SDK version 1.11.2 and prior versions, which stems from a reader that may...

7.5CVSS7.1AI score0.01772EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS6.9AI score0.01552EPSS
Exploits0References3
OSV
OSV
added 2022/08/10 12:0 a.m.19 views

GHSA-3W5G-989P-35R8 Apache Avro Rust SDK corrupted data read can cause crash

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS7.4AI score0.01353EPSS
Exploits0References3
OSV
OSV
added 2022/08/10 12:0 a.m.20 views

GHSA-WCM8-86X6-8MV3 Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.5AI score0.01276EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/08/10 12:0 a.m.34 views

Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.3AI score0.01276EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/09 7:15 a.m.3 views

CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS5.8AI score0.01276EPSS
Exploits0References2
OSV
OSV
added 2022/08/09 7:15 a.m.7 views

CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS5.7AI score0.01552EPSS
Exploits0References1
NVD
NVD
added 2022/08/09 7:15 a.m.20 views

CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS0.01276EPSS
Exploits0References1
NVD
NVD
added 2022/08/09 7:15 a.m.30 views

CVE-2022-36125

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS0.01353EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/09 7:15 a.m.1 views

CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS7AI score0.01552EPSS
Exploits0References2
OSV
OSV
added 2022/08/09 7:15 a.m.7 views

CVE-2022-36125

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS5.7AI score0.01353EPSS
Exploits0References1
PyPA
PyPA
added 2022/08/09 7:15 a.m.6 views

PYSEC-2022-43180

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References1
NVD
NVD
added 2022/08/09 7:15 a.m.26 views

CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS0.01552EPSS
Exploits0References1
OSV
OSV
added 2022/08/09 7:15 a.m.7 views

PYSEC-2022-43180

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References1
Prion
Prion
added 2022/08/09 7:15 a.m.13 views

Design/Logic Flaw

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

5CVSS7.3AI score0.01552EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/08/09 7:15 a.m.20 views

Memory corruption

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

5CVSS7.5AI score0.01276EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder