You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@avro.apache.org by Ryan Skraba <rs...@apache.org> on 2022/08/08 19:33:41 UTC
CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK
Severity: important
Description:
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Credit:
This issue was reported to the Apache Avro team by Evan Richter at ForAllSecure and found with Mayhem.