CVE-2022-36124

HIGH(7.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Risk Signal Score19/100 — NIEDRIG

CVSS 7.5 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.5

Technische Schwere

Beschreibung

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

GitHub Advisories

GHSA-wcm8-86x6-8mv3HIGH

Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

rust/apache-avro→ 0.14.0

GitHub Advisory

Referenzen

https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo