PT-2022-23212 · Apache · Apache Avro Rust Sdk

Evan Richter · Published 2022-08-09 · Updated 2026-03-06 · CVE-2022-36125

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Avro Rust SDK versions prior to 0.14.0
Description: It is possible to crash an application by providing corrupted data to be read. This issue affects Rust applications using the Apache Avro Rust SDK.
Recommendations: For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue.

Fix

Integer Overflow

RCE


Weakness Enumeration

Related Identifiers

CVE-2022-36125
GHSA-3W5G-989P-35R8

Affected Products

Apache Avro Rust Sdk