Vulnerability Description
A Reader can be made to consume memory beyond the allowed constraints when decoding input, leading to out-of-memory on the system. This issue affects Rust applications using the Apache Avro Rust SDK (crate apache-avro, previously published as avro-rs) prior to 0.14.0. Users should update to apache-avro version 0.14.0 or later, which addresses this issue.
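The bug class behind this advisory, shown as an added illustration rather than apache-avro's own code: a decoder that sizes its buffer from an attacker-controlled length field before reading any payload, beside a hardened version that enforces an allocation ceiling and grows the buffer only as data actually arrives. The length encoding follows the Avro specification (zigzag-mapped variable-length long). The ceiling stands in for the kind of configurable limit the crate exposes as apache_avro::max_allocation_bytes; the 512 MiB used here is an assumed value, and the exact decoder path changed in 0.14.0 is not described on this page, so the vulnerable function is a generic instance of the pattern, not the crate's pre-fix code. Inputs are constructed inline; only the standard library is used.

```rust
// Added illustration of the CVE-2022-36124 bug class (not apache-avro code).
// Length encoding follows the Avro spec; the 512 MiB ceiling is an assumed value.
use std::io::{self, Read};

/// Decode an Avro `long`: zigzag-mapped, little-endian base-128 varint, at most 10 bytes.
fn decode_long<R: Read>(r: &mut R) -> io::Result<i64> {
    let mut value: u64 = 0;
    let mut shift: u32 = 0;
    loop {
        let mut byte = [0u8; 1];
        r.read_exact(&mut byte)?;
        if shift >= 64 {
            return Err(io::Error::new(io::ErrorKind::InvalidData, "varint longer than 10 bytes"));
        }
        value |= u64::from(byte[0] & 0x7f) << shift;
        if byte[0] & 0x80 == 0 {
            break;
        }
        shift += 7;
    }
    // Undo zigzag: even values are non-negative, odd values are negative.
    Ok(((value >> 1) as i64) ^ -((value & 1) as i64))
}

/// Encode an Avro `long` (used here only to build the constructed inputs).
fn encode_long(n: i64) -> Vec<u8> {
    let mut z = ((n << 1) ^ (n >> 63)) as u64;
    let mut out = Vec::new();
    loop {
        let low = (z & 0x7f) as u8;
        z >>= 7;
        if z == 0 {
            out.push(low);
            return out;
        }
        out.push(low | 0x80);
    }
}

/// Read the length prefix of a `bytes` value from untrusted input.
fn declared_len<R: Read>(r: &mut R) -> io::Result<usize> {
    usize::try_from(decode_long(r)?)
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "length out of range"))
}

/// Vulnerable pattern: the buffer is sized from the untrusted length before a
/// single payload byte is read, so a 5-byte header can request gigabytes.
fn read_bytes_trusting<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let len = declared_len(r)?;
    let mut buf = vec![0u8; len];
    r.read_exact(&mut buf)?;
    Ok(buf)
}

/// Hardened pattern: reject lengths above the allocation ceiling up front, then
/// grow the buffer only with bytes actually received, so a truncated stream
/// fails with UnexpectedEof instead of triggering a large allocation.
fn read_bytes_bounded<R: Read>(r: &mut R, max_allocation: usize) -> io::Result<Vec<u8>> {
    let len = declared_len(r)?;
    if len > max_allocation {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("declared length {len} exceeds allocation limit {max_allocation}"),
        ));
    }
    let mut buf = Vec::new();
    let mut chunk = [0u8; 8192];
    while buf.len() < len {
        let want = (len - buf.len()).min(chunk.len());
        let n = r.read(&mut chunk[..want])?;
        if n == 0 {
            return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "stream shorter than declared length"));
        }
        buf.extend_from_slice(&chunk[..n]);
    }
    Ok(buf)
}

/// Constructed hostile input: declares an 8 GiB `bytes` value but carries 3 bytes.
fn hostile_payload() -> Vec<u8> {
    let mut p = encode_long(8 * 1024 * 1024 * 1024);
    p.extend_from_slice(b"abc");
    p
}

/// Constructed well-formed input: declares 3 bytes and carries them.
fn benign_payload() -> Vec<u8> {
    let mut p = encode_long(3);
    p.extend_from_slice(b"abc");
    p
}

fn main() {
    let cap = 512 * 1024 * 1024; // assumed allocation ceiling
    let benign = benign_payload();
    let mut src: &[u8] = &benign;
    println!("bounded, benign:  {:?}", read_bytes_bounded(&mut src, cap));
    let hostile = hostile_payload();
    let mut src: &[u8] = &hostile;
    println!("bounded, hostile: {:?}", read_bytes_bounded(&mut src, cap).map_err(|e| e.to_string()));
    // read_bytes_trusting on the hostile input would attempt an 8 GiB allocation
    // before discovering the stream holds 3 bytes; it is deliberately not called here.
}
```

The second check matters as much as the first: a declared length just under the ceiling is still attacker-chosen, so the hardened reader never pre-sizes to it and a stream that ends early costs only the bytes it actually contained.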
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Avro (Rust SDK: apache-avro, formerly avro-rs) | < 0.14.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo (mailing list, vendor advisory)
FAQ
What is CVE-2022-36124?
CVE-2022-36124 is a vulnerability with a CVSS score of 7.5 (HIGH). A Reader can be made to consume memory beyond the allowed constraints when decoding input, leading to out-of-memory on the system. This issue affects Rust applications using the Apache Avro Rust SDK (apache-avro, formerly avro-rs) prior to 0.14.0.
How severe is CVE-2022-36124?
CVE-2022-36124 has been rated HIGH with a CVSS base score of 7.5/10. The impact described is a denial of service: an application that reads untrusted Avro data with an affected Reader can be driven to out-of-memory.
Is there a patch for CVE-2022-36124?
Yes. The fix is published in apache-avro 0.14.0; upgrade to that version or later. Because the crate was renamed, projects still depending on avro-rs need to switch to the apache-avro crate to pick up the fix. To see whether a project pulls in an affected version, run `cargo tree -i apache-avro` and `cargo tree -i avro-rs` in the project directory. The vendor advisory is linked in the references section above. Affected products include: Apache Avro (Rust SDK).