CVE-2022-36125

描述

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

受影響套件(1)

• crates.io/apache-avrofrom 0, < 0.14.0

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-36125
• PATCHhttps://github.com/a0x8o/avro
• WEBhttps://lists.apache.org/thread/t1r5xz0pvhm4tosqopjpj6dz8zlsht07