apache-avro

crates.io3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting apache-avropage 1 of 1

CVE-2022-35724HIGHCVSS 7.5EG 7.5✓ Fixed in 0.14.0
2022-08-09
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update …
CVE-2022-36124HIGHCVSS 7.5EG 7.5✓ Fixed in 0.14.0
2022-08-09
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users…
CVE-2022-36125HIGHCVSS 7.5EG 7.5✓ Fixed in 0.14.0
2022-08-09
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro vers…

Check whether apache-avro is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for apache-avro CVEs against the assets you own.

Start Free Scan →