CVE-2022-36124
HIGH
Published Aug 9, 2022 · Modified Jun 23, 2026
7.5 CVSS 3.1
Description
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-770
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| apache | avro | * | <0.14.0 |
References 1
- lists.apache.org https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
Remediation
No remediation data recorded yet. The description above states that apache-avro version 0.14.0 addresses this issue.
Check vendor advisories and the NVD entry for patch availability.