Description
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
References
- Mailing List, Vendor Advisory
- Mailing List, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.14.0 (exclusive)
cpe:2.3:a:apache:avro:*:*:*:*:*:rust:*:*
EPSS: 0.00698 (percentile: 71%), Low
CVSS3: 7.5 High
Weaknesses
CWE-20
CWE-835
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU