Lucene search
ApacheVULNRICHMENT:CVE-2023-39410HistorySep 29, 2023 - 4:23 p.m.
CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
2023-09-2916:23:34
CWE-502
apache
github.com
cve-2023-39410
apache avro java sdk
memory consumption
deserialization
out of memory
java applications
update to apache-avro version 1.11.3
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Avro Java SDK",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cgr
cgr
CVE-2023-39410 vulnerabilities
2024-05-19 03:07:16
osv
osv
Apache Avro Java SDK vulnerable to Improper Input Validation
2023-09-29 18:30:22
PYSEC-2023-188
2023-09-29 17:15:00
atlassian
atlassian
github
github
Apache Avro Java SDK vulnerable to Improper Input Validation
2023-09-29 18:30:22
ibm
ibm
nessus
nessus
wolfi
wolfi
CVE-2023-39410 vulnerabilities
2024-07-01 09:08:36
alpinelinux
alpinelinux
CVE-2023-39410
2023-09-29 17:15:46
gitlab
gitlab
Deserialization of Untrusted Data
2023-09-29 00:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2023-10-05 06:04:41
redhatcve
redhatcve
CVE-2023-39410
2023-10-09 19:55:01
nvd
nvd
CVE-2023-39410
2023-09-29 17:15:46
prion
prion
Design/Logic Flaw
2023-09-29 17:15:00
cve
cve
CVE-2023-39410
2023-09-29 17:15:46
broadcom
broadcom
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
6.8 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
82.0%
Related for VULNRICHMENT:CVE-2023-39410