Lucene search
K

143 matches found

Prion
Prion
added 2022/08/09 7:15 a.m.15 views

Design/Logic Flaw

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

5CVSS7.4AI score0.01353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/09 6:50 a.m.28 views

CVE-2022-36125 Integer overflow when reading corrupted .avro file in Avro Rust SDK

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.7AI score0.01353EPSS
Exploits0References1
CVE
CVE
added 2022/08/09 6:50 a.m.61 views

CVE-2022-36125

CVE-2022-36125 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (formerly avro-rs). The root cause is an integer overflow when reading corrupted .avro files, leading to a crash/panic. Remediation: upgrade to apache-avro version 0.14.0, which addresses the issue. The vulner...

7.5CVSS7.5AI score0.01353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/09 6:50 a.m.22 views

CVE-2022-36124 Memory overconsumption in Avro Rust SDK

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.7AI score0.01276EPSS
Exploits0References1
CVE
CVE
added 2022/08/09 6:50 a.m.68 views

CVE-2022-36124

The CVE-2022-36124 issue affects the Apache Avro Rust SDK, where a Reader can consume memory beyond allowed constraints, causing system out-of-memory conditions. Concrete details from connected documents show that the vulnerability impacts Rust applications using the Avro Rust SDK prior to versio...

7.5CVSS7.5AI score0.01276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/09 6:50 a.m.30 views

CVE-2022-35724 Denial of service while reading data in Avro Rust SDK

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.6AI score0.01552EPSS
Exploits0References1
CVE
CVE
added 2022/08/09 6:50 a.m.75 views

CVE-2022-35724

CVE-2022-35724 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0. The issue allows crafted input data to cause the reader to loop in cycles, consuming CPU and enabling denial of service. The fix is upgrading to apache-avro version 0.14.0 (or later). No exploitation details ...

7.5CVSS7.4AI score0.01552EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.5 views

Apache Avro 输入验证错误漏洞

Apache Avro is a data serialization system from the Apache Foundation, Inc. A denial of service vulnerability exists in versions of Apache Avro Rust prior to 0.14.0, which stems from an integer overflow when reading corrupted .avro files in the Avro Rust SDK, and can be exploited by an attacker t...

7.5CVSS5.7AI score0.01353EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.5 views

Apache Avro 安全漏洞

Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which originates from consuming more memory than...

7.5CVSS7.4AI score0.01276EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.4 views

Apache Avro 安全漏洞

Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which stems from the reader looping endlessly in ...

7.5CVSS7.3AI score0.01552EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.5 views

PT-2022-23211

Name of the Vulnerable Software and Affected Versions Apache Avro Rust SDK versions prior to 0.14.0 Description The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2022/01/19 6:22 p.m.34 views

CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS5.6AI score0.0296EPSS
Exploits0References3
OSV
OSV
added 2022/01/08 12:39 a.m.24 views

GHSA-868X-RG4C-CJQG Allocation of Resources Without Limits or Throttling in Apache Avro

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS7.4AI score0.0296EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/01/08 12:39 a.m.50 views

Allocation of Resources Without Limits or Throttling in Apache Avro

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS5.3AI score0.0296EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2022/01/08 12:0 a.m.29 views

Apache Avro Resource Management Error Vulnerability

Apache Avro is a data serialization system from the Apache Foundation, Inc. A resource management error vulnerability exists in Apache Avro, which stems from the product's .net SDK component not effectively limiting the amount of allocated resources. An attacker could allocate too many resources ...

7.5CVSS3.8AI score0.0296EPSS
Exploits0References1
NVD
NVD
added 2022/01/06 6:15 p.m.28 views

CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS0.0296EPSS
Exploits0References2
OSV
OSV
added 2022/01/06 6:15 p.m.1 views

CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.5CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2022/01/06 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

5CVSS7.4AI score0.0296EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/06 6:0 p.m.36 views

CVE-2021-43045 Possible DOS vulnerabilities in C# Avro SDK

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this...

7.8AI score0.0296EPSS
Exploits0References2
CVE
CVE
added 2022/01/06 6:0 p.m.122 views

CVE-2021-43045

CVE-2021-43045: A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service. Affected are .NET applications using Apache Avro 1.10.2 and earlier. Remediation per sources is to upgrade to Avro 1.11.0. Some advisory cont...

7.5CVSS7.4AI score0.0296EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder