13 matches found
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...
EUVD-2023-2020
Malicious code in bioql PyPI...
CVE-2023-37475
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
Denial Of Service (DoS)
github.com/hamba/avro is vulnerable to Denial Of Service DoS. The vulnerability exists in the ReadString function of reader.go because config.go does not properly restrict the maximum size of bytes and string types, allowing an attacker to cause an application crash by providing a maliciously...
CVE-2023-37475
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
Code injection
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
CVE-2023-37475
CVE-2023-37475 affects the Go library hamba/avro, where a crafted string passed to Unmarshal() can trigger uncontrolled memory allocation, leading to denial of service. Root cause: the Unmarshal() path uses input data to size allocations, allowing memory exhaustion and potential crash. A fix is i...
CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
CVE-2023-37475
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
Hamba avro resource management error vulnerability
Avro is a fast Go Avro codec from the open-source hamba project. A resource management error vulnerability exists in Hamba avro that stems from using partial input from Unmarshal to determine the size when creating a new slice, allowing an arbitrary amount of memory to be consumed, causing the program to...
PT-2023-25986
Name of the Vulnerable Software and Affected Versions: github.com/hamba/avro versions prior to 2.13.0. Description: A well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...