CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK

[Ryan Skraba <rskraba () apache org>]

Severity: important

Description:

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust 
applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs).  Users should update to 
apache-avro version 0.14.0 which addresses this issue.

Credit:

This issue was reported to the Apache Avro team by Evan Richter at ForAllSecure and found with Mayhem.