What is GHSA-wcm8-86x6-8mv3?

GHSA-wcm8-86x6-8mv3 is a security advisory published by GitHub Security Advisories with High severity. Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

Which CVE IDs does GHSA-wcm8-86x6-8mv3 cover?

GHSA-wcm8-86x6-8mv3 covers the following CVE IDs: CVE-2022-36124. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-wcm8-86x6-8mv3?

GHSA-wcm8-86x6-8mv3 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

Which products are affected by GHSA-wcm8-86x6-8mv3?

GHSA-wcm8-86x6-8mv3 affects 1 product, including: rust/apache-avro:\u003c 0.14.0.

GHSA-wcm8-86x6-8mv3HighCVSS 7.5

Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints

Vendor

GitHub Security Advisories

Published

August 10, 2022

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2022-36124 →

📋 Description

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

🎯 Affected products1

rust/apache-avro:< 0.14.0

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2022-36124
https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2022-43180.yaml
https://github.com/advisories/GHSA-wcm8-86x6-8mv3