Описание
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Ссылки
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.14.0 (исключая)
cpe:2.3:a:apache:avro:*:*:*:*:*:rust:*:*
EPSS
Процентиль: 86%
0.02955
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
CWE-770
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
EPSS
Процентиль: 86%
0.02955
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
CWE-770