PT-2025-45475 · Amazon · Amazon Ion-C
Published
2025-11-07
·
Updated
2025-11-08
·
CVE-2025-12829
CVSS v4.0
6.9
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Amazon Ion-C versions prior to 1.1.4
Description
An uninitialized stack read issue exists that may allow an attacker to craft data and serialize it to Ion text. This could expose sensitive data in memory through UTF-8 escape sequences.
Recommendations
Upgrade to version 1.1.4.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Ion-C