logo

Database

Improper resource allocation In apache-avro

Description

Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-357242. NVD-2022-357243. OSV-2022-357244. GCVE-2022-35724

References

1. https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.