GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a

High EPSS: 0.00213% (0.44167 Percentile) EPSS:

Permalink JSON

Apache Avro Rust SDK corrupted data read can cause crash

Affected Packages	Affected Versions	Fixed Versions
cargo:apache-avro	< 0.14.0	0.14.0
34 Dependent packages 76 Dependent repositories 5,742,747 Downloads total Affected Version Ranges All affected versions 0.0.1 All unaffected versions 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-36125
https://lists.apache.org/thread/t1r5xz0pvhm4tosqopjpj6dz8zlsht07
https://github.com/advisories/GHSA-3w5g-989p-35r8

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a

Apache Avro Rust SDK corrupted data read can cause crash

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API