oss-sec mailing list archives
CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK
From: Ryan Skraba <rskraba () apache org>
Date: Mon, 08 Aug 2022 19:33:41 +0000
Severity: important Description: It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. Credit: This issue was reported to the Apache Avro team by Evan Richter at ForAllSecure and found with Mayhem.
Current thread:
- CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK Ryan Skraba (Aug 08)