CVE-2022-36124

EUVD-2022-6639
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
apacheavro
𝑥
< 0.14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo