Описание
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Ссылки
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.14.0 (исключая)
cpe:2.3:a:apache:avro:*:*:*:*:*:rust:*:*
EPSS
Процентиль: 79%
0.01244
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
CWE-190
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Apache Avro Rust SDK corrupted data read can cause crash
EPSS
Процентиль: 79%
0.01244
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
CWE-190