Vulnerability Description
A reader can be given crafted data that causes it to loop endlessly, consuming CPU. This issue affects Rust applications using the Apache Avro Rust SDK (previously known as avro-rs) prior to 0.14.0. Users should update to apache-avro version 0.14.0, which addresses this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Avro | < 0.14.0 |
References
- https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p (Mailing List, Vendor Advisory)
FAQ
What is CVE-2022-35724?
CVE-2022-35724 is a vulnerability with a CVSS score of 7.5 (HIGH). It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously ...
How severe is CVE-2022-35724?
CVE-2022-35724 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35724?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Avro.