CVSS: 9.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2024 — Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. A vulnerability was found in Apache Avro. The project is affec... • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

29 Sep 2023 — When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. • https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2022 — It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. • https://lists.apache.org/thread/t1r5xz0pvhm4tosqopjpj6dz8zlsht07 • CWE-20: Improper Input Validation • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2022 — It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. • https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2022 — It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. • https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p • CWE-20: Improper Input Validation • CWE-770: Allocation of Resources Without Limits or Throttling • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2022 — A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. • http://www.openwall.com/lists/oss-security/2022/01/06/8 • CWE-770: Allocation of Resources Without Limits or Throttling