CVE-2022-35724

EPSS 0.7%
Veröffentlicht 09.08.2022 07:15:07
Zuletzt bearbeitet 21.11.2024 07:11:33
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Avro SwPlatformrust Version < 0.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.71

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-35724

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35724

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35724

EUVD