Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Published

2022-08-09T07:15:07.443

Last Modified

2024-11-21T07:12:26.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-770
Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	avro	< 0.14.0	Yes

References

https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)