GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b

High EPSS: 0.00214% (0.44192 Percentile) EPSS:

Permalink JSON

Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU

Affected Packages	Affected Versions	Fixed Versions
cargo:apache-avro	< 0.14.0	0.14.0
34 Dependent packages 76 Dependent repositories 5,742,747 Downloads total Affected Version Ranges All affected versions 0.0.1 All unaffected versions 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-35724
https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p
https://github.com/advisories/GHSA-v456-chpw-6mmw

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b

Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API