CVE-2022-36125
Integer overflow when reading corrupted .avro file in Avro Rust SDK
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Apache Software Foundation · Apache Avro¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →