
8 matches found

RedhatCVE
added 2026/06/08 8:59 p.m., 13 views

CVE-2026-46385

A flaw was found in the Avro array and map decoding logic in Go Avro. The decoder failed to properly stop processing after encountering read errors while iterating over attacker-controlled block-count values, leading to excessive resource consumption. A remote unauthenticated attacker could explo...

CVSS 8.7 | AI score 5.2 | EPSS 0.00378
Exploits: 0 | References: 4

RedhatCVE
added 2026/06/08 8:59 p.m., 11 views

CVE-2026-46384

An integer overflow flaw was found in the decoding logic of Go Avro. Multiple decoder paths perform unsafe integer conversions and overflow-prone arithmetic operations on attacker-controlled values from Avro payloads. A remote attacker during Avro decoder operations could exploit this issue using...

CVSS 8.7 | AI score 5.3 | EPSS 0.00397
Exploits: 0 | References: 4

NVD
added 2026/05/29 8:16 p.m., 26 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

CVSS 8.7 | EPSS 0.00378
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/29 7:58 p.m., 9 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00378
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/29 7:58 p.m., 10 views

EUVD-2026-33444

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00378
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/29 7:58 p.m., 7 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

CVSS 8.7 | AI score 5.9 | EPSS 0.00397
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2023/07/17 4:36 p.m., 20 views

CVE-2023-37475

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00797
Exploits: 1 | References: 2

CVE
added 2023/07/17 4:36 p.m., 369 views

CVE-2023-37475

CVE-2023-37475 affects the Go library hamba/avro, where a crafted string passed to Unmarshal() can trigger uncontrolled memory allocation, leading to denial of service. Root cause: the Unmarshal() path uses input data to size allocations, allowing memory exhaustion and potential crash. A fix is i...

CVSS 7.5 | AI score 7.3 | EPSS 0.00797
Exploits: 1 | References: 2 | Affected Software: 1