PT-2022-22951 · Apache · Apache Avro Rust Sdk

Evan Richter · Published 2022-08-09 · Updated 2022-08-15 · CVE-2022-35724

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Avro Rust SDK versions prior to 0.14.0

Description

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications.

Recommendations

For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue. As a temporary workaround, consider restricting the input data to prevent endless loops until the update is applied.

Fix

Infinite Loop

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-35724
GHSA-V456-CHPW-6MMW

Affected Products

Apache Avro Rust Sdk