CVE-2022-36124

HIGH
Published Aug 9, 2022 (3y ago) · Modified Jun 23, 2026 (1w ago)
7.5 CVSS 3.1

Description

A Reader can consume memory beyond the allowed constraints, leading to an out-of-memory condition on the system. This issue affects Rust applications using the Apache Avro Rust SDK (previously known as avro-rs) prior to 0.14.0. Users should update to apache-avro version 0.14.0, which addresses this issue.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-770

Affected Products 1

Vendor  Product  Version  Range
apache  avro     *        <0.14.0

References 1

  • lists.apache.org https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo
    Mailing List, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.