PT-2022-23211 · Apache · Apache Avro Rust Sdk

Evan Richter · Published 2022-08-09 · Updated 2022-08-16 · CVE-2022-36124

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache Avro Rust SDK versions prior to 0.14.0

Description: The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK.

Recommendations: For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue.

Fix

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2022-36124
GHSA-WCM8-86X6-8MV3
PYSEC-2022-43180

Affected Products

Apache Avro Rust Sdk