GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X

High EPSS: 0.00518% (0.65697 Percentile) EPSS:

Permalink JSON

Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

Affected Packages	Affected Versions	Fixed Versions
cargo:apache-avro	< 0.14.0	0.14.0
34 Dependent packages 76 Dependent repositories 5,742,747 Downloads total Affected Version Ranges All affected versions 0.0.1 All unaffected versions 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-36124
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
https://github.com/advisories/GHSA-wcm8-86x6-8mv3

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X

Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API