CVE-2022-35724: Denial of service while reading data in Avro Rust SDK
First published: Tue Aug 09 2022(Updated: )
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Avro | <0.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-35724?
CVE-2022-35724 is considered a high severity vulnerability due to its potential to cause CPU consumption through endless loops.
How do I fix CVE-2022-35724?
To fix CVE-2022-35724, update your Apache Avro Rust SDK to version 0.14.0 or later.
Which versions of Apache Avro Rust SDK are affected by CVE-2022-35724?
CVE-2022-35724 affects Apache Avro Rust SDK versions prior to 0.14.0.
What types of applications are impacted by CVE-2022-35724?
CVE-2022-35724 impacts Rust applications that use the Apache Avro Rust SDK.
What are the potential consequences of CVE-2022-35724?
The potential consequences of CVE-2022-35724 include significant CPU utilization and application performance degradation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache avro