Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Permalink: https://github.com/advisories/GHSA-wcm8-86x6-8mv3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-wcm8-86x6-8mv3, CVE-2022-36124
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-36124
- https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
- https://github.com/advisories/GHSA-wcm8-86x6-8mv3
Affected Packages
cargo:apache-avro
Dependent packages: 18Dependent repositories: 76
Downloads: 1,463,332 total
Affected Version Ranges: < 0.14.0
Fixed in: 0.14.0
All affected versions: 0.0.1
All unaffected versions: 0.14.0, 0.15.0, 0.16.0