143 matches found
Design/Logic Flaw
It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-36125 Integer overflow when reading corrupted .avro file in Avro Rust SDK
It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-36125
CVE-2022-36125 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (formerly avro-rs). The root cause is an integer overflow when reading corrupted .avro files, leading to a crash/panic. Remediation: upgrade to apache-avro version 0.14.0, which addresses the issue. The vulner...
CVE-2022-36124 Memory overconsumption in Avro Rust SDK
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...
CVE-2022-36124
The CVE-2022-36124 issue affects the Apache Avro Rust SDK, where a Reader can consume memory beyond allowed constraints, causing system out-of-memory conditions. Concrete details from connected documents show that the vulnerability impacts Rust applications using the Avro Rust SDK prior to versio...
CVE-2022-35724 Denial of service while reading data in Avro Rust SDK
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-35724
CVE-2022-35724 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0. The issue allows crafted input data to cause the reader to loop in cycles, consuming CPU and enabling denial of service. The fix is upgrading to apache-avro version 0.14.0 (or later). No exploitation details ...
Apache Avro 输入验证错误漏洞
Apache Avro is a data serialization system from the Apache Foundation, Inc. A denial of service vulnerability exists in versions of Apache Avro Rust prior to 0.14.0, which stems from an integer overflow when reading corrupted .avro files in the Avro Rust SDK, and can be exploited by an attacker t...
Apache Avro 安全漏洞
Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which originates from consuming more memory than...
Apache Avro 安全漏洞
Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which stems from the reader looping endlessly in ...
PT-2022-23211
Name of the Vulnerable Software and Affected Versions Apache Avro Rust SDK versions prior to 0.14.0 Description The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK...
CVE-2021-43045
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
GHSA-868X-RG4C-CJQG Allocation of Resources Without Limits or Throttling in Apache Avro
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
Allocation of Resources Without Limits or Throttling in Apache Avro
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
Apache Avro Resource Management Error Vulnerability
Apache Avro is a data serialization system from the Apache Foundation, Inc. A resource management error vulnerability exists in Apache Avro, which stems from the product's .net SDK component not effectively limiting the amount of allocated resources. An attacker could allocate too many resources ...
CVE-2021-43045
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
CVE-2021-43045
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
Design/Logic Flaw
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
CVE-2021-43045 Possible DOS vulnerabilities in C# Avro SDK
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...
CVE-2021-43045
CVE-2021-43045: A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service. Affected are .NET applications using Apache Avro 1.10.2 and earlier. Remediation per sources is to upgrade to Avro 1.11.0. Some advisory cont...