7 matches found
CVE-2023-39410
CVE-2023-39410 describes a memory exhaustion issue when deserializing untrusted data with the Apache Avro Java SDK. Affected: Avro Java SDK before 1.11.3 (1.11.2 and earlier). Root cause: the deserializer can be driven to allocate memory beyond any bound the application intended, so a crafted payload causes an out-of-memory denial of service. Fixed in Apache Avro 1.11.3....
CVE-2024-47561
CVE-2024-47561 concerns the Apache Avro Java SDK (affected: 1.11.3 and earlier; fixed in 1.11.4). The root cause is in schema parsing: an attacker who can get a crafted schema parsed by the Java SDK can execute arbitrary code. Impact is high: remote code execution via network-facing components, con...
CVE-2021-43045
CVE-2021-43045: a vulnerability in the .NET SDK of Apache Avro lets an attacker cause excessive resource allocation, potentially resulting in a denial of service. Affected are .NET applications using Apache Avro 1.10.2 and earlier. Remediation per sources is to upgrade to Avro 1.11.0. Some advisory cont...
CVE-2022-35724
CVE-2022-35724 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0. Crafted input data causes the Reader to loop in cycles, consuming CPU and enabling denial of service. The fix is to upgrade to apache-avro 0.14.0 (or later). No exploitation details ...
CVE-2022-36124
CVE-2022-36124 affects the Apache Avro Rust SDK: a Reader can consume memory beyond allowed constraints, causing system out-of-memory conditions. Details from connected documents show that the vulnerability impacts Rust applications using the Avro Rust SDK prior to versio...
CVE-2022-36125
CVE-2022-36125 affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (formerly avro-rs). The root cause is an integer overflow when reading corrupted .avro files, leading to a crash (panic). Remediation: upgrade to apache-avro 0.14.0, which addresses the issue. The vulner...
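The four resource-exhaustion and overflow entries above (CVE-2023-39410, CVE-2021-43045, CVE-2022-36124, CVE-2022-36125) share one root defect: the decoder trusts a length or count read from the wire before it allocates or iterates. The following is an added example written for this page, not code from the apache-avro crate or any Avro SDK. It decodes the Avro binary primitives involved (zig-zag varint longs, length-prefixed bytes, block-counted arrays) with the checks a hardened reader needs. The MAX_BYTES_LEN and MAX_ITEMS caps, the DecodeError names and the hostile inputs are this example's own assumptions; the inputs are constructed here and are not reproductions of any CVE's proof of concept.

```rust
// Added example for this page, not code from apache-avro or any Avro SDK: it
// decodes Avro zig-zag longs, length-prefixed bytes and block-counted arrays,
// rejecting hostile sizes before any allocation or loop. The caps, error names
// and constructed inputs are this example's own assumptions.
pub const MAX_BYTES_LEN: usize = 1 << 20; // assumed cap; tune per deployment
pub const MAX_ITEMS: usize = 10_000;      // assumed cap; tune per deployment
/// Why a decode failed; every variant fires before a large allocation.
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Truncated,           // input ended inside a value
    VarintOverflow,      // varint carried more than 64 payload bits
    NegativeLength(i64), // negative length where the spec forbids it
    LengthTooLarge(u64), // exceeds the cap or the bytes actually present
    CountOverflow,       // block count i64::MIN, whose |count| does not fit
}

pub struct Reader<'a> {
    buf: &'a [u8],
    pos: usize,
}
impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8]) -> Self { Reader { buf, pos: 0 } }
    fn remaining(&self) -> usize { self.buf.len() - self.pos }
    /// Avro `long`: base-128 varint, zig-zag decoded. A 64-bit value needs at
    /// most 10 bytes; longer input is rejected instead of wrapping or panicking.
    pub fn read_long(&mut self) -> Result<i64, DecodeError> {
        let (mut value, mut shift) = (0u64, 0u32);
        loop {
            let b = *self.buf.get(self.pos).ok_or(DecodeError::Truncated)?;
            self.pos += 1;
            let payload = (b & 0x7f) as u64;
            // At shift 63 only one payload bit is left; anything more overflows.
            if shift > 63 || (shift == 63 && payload > 1) {
                return Err(DecodeError::VarintOverflow);
            }
            value |= payload << shift;
            if b & 0x80 == 0 { break; }
            shift += 7;
        }
        Ok(((value >> 1) as i64) ^ -((value & 1) as i64)) // undo zig-zag
    }

    /// Validates a declared length/count against a cap and the bytes left.
    fn check_len(&self, declared: i64, cap: usize) -> Result<usize, DecodeError> {
        if declared < 0 { return Err(DecodeError::NegativeLength(declared)); }
        let n = declared as u64;
        if n > cap as u64 || n > self.remaining() as u64 { return Err(DecodeError::LengthTooLarge(n)); }
        Ok(n as usize)
    }

    /// Avro `bytes`: length-prefixed; the copy happens only after check_len.
    pub fn read_bytes(&mut self) -> Result<Vec<u8>, DecodeError> {
        let declared = self.read_long()?;
        let n = self.check_len(declared, MAX_BYTES_LEN)?;
        let out = self.buf[self.pos..self.pos + n].to_vec();
        self.pos += n;
        Ok(out)
    }

    /// Avro `array<long>`: blocks of `count` items ending with count 0; a
    /// negative count means |count| items preceded by the block's byte size.
    pub fn read_long_array(&mut self) -> Result<Vec<i64>, DecodeError> {
        let mut items = Vec::new();
        loop {
            let mut count = self.read_long()?;
            if count == 0 { return Ok(items); }
            if count < 0 {
                // i64::MIN.abs() would overflow; checked_abs reports it instead.
                count = count.checked_abs().ok_or(DecodeError::CountOverflow)?;
                let size = self.read_long()?;
                self.check_len(size, self.remaining())?; // block byte size
            }
            // Each long takes at least one byte, so remaining() also bounds count.
            let n = self.check_len(count, MAX_ITEMS.saturating_sub(items.len()))?;
            items.reserve(n);
            for _ in 0..n { items.push(self.read_long()?); }
        }
    }
}

/// Zig-zag varint encoder, used only to build the constructed inputs below.
pub fn encode_long(v: i64) -> Vec<u8> {
    let mut n = ((v << 1) ^ (v >> 63)) as u64;
    let mut out = Vec::new();
    while n & !0x7f != 0 { out.push(((n & 0x7f) | 0x80) as u8); n >>= 7; }
    out.push(n as u8);
    out
}

/// Constructed input: `bytes` claiming 2 GiB while only three bytes follow.
pub fn hostile_bytes_length() -> Result<Vec<u8>, DecodeError> {
    let mut wire = encode_long(1 << 31);
    wire.extend_from_slice(b"abc");
    Reader::new(&wire).read_bytes()
}

/// Constructed input: array block whose count is i64::MIN (a corrupt file).
pub fn hostile_block_count() -> Result<Vec<i64>, DecodeError> {
    Reader::new(&encode_long(i64::MIN)).read_long_array()
}
```

The ordering is the point: every check runs before `to_vec`, `reserve` and the item loop, so a declared length of 2 GiB or a count of i64::MIN is refused with an error rather than turned into an allocation, a wrapped integer or a panic. The cap values themselves are placeholders; what matters is that the bound is enforced against both a policy limit and the bytes actually remaining.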
CVE-2025-33042
CVE-2025-33042: Improper Control of Generation of Code ('Code Injection') in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...