Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Permalink: https://github.com/advisories/GHSA-v456-chpw-6mmwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-v456-chpw-6mmw, CVE-2022-35724
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-35724
- https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p
- https://github.com/advisories/GHSA-v456-chpw-6mmw
Affected Packages
cargo:apache-avro
Dependent packages: 18Dependent repositories: 76
Downloads: 1,463,332 total
Affected Version Ranges: < 0.14.0
Fixed in: 0.14.0
All affected versions: 0.0.1
All unaffected versions: 0.14.0, 0.15.0, 0.16.0