logo

Database

Improper resource allocation In apache.avro

Description

Allocation of Resources Without Limits or Throttling in Apache Avro A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-430452. NVD-2021-430453. OSV-2021-430454. GCVE-2021-43045

References

1. https://github.com/apache/avro/pull/13572. https://issues.apache.org/jira/browse/AVRO-32253. https://issues.apache.org/jira/browse/AVRO-32264. https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd5. http://www.openwall.com/lists/oss-security/2022/01/06/8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.