<p>There is no fixed version for <code>flavray/avro-rs</code>.</p>

Allocation of Resources Without Limits or Throttling Affecting flavray/avro-rs package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Availability High

Threat Intelligence

EPSS 0.22% (61^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUST-FLAVRAYAVRORS-2977033
published 9 Aug 2022
disclosed 9 Aug 2022
credit Evan Richter at ForAllSecure

Report a new vulnerability Found a mistake?

Introduced: 9 Aug 2022

CVE-2022-36124 Open this link in a new tab CWE-770 Open this link in a new tab

How to fix?

There is no fixed version for flavray/avro-rs.

Overview

flavray/avro-rs is a library for working with Apache Avro in Rust

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the possibility for a Reader to consume memory beyond the allowed constraints.

Note:

The Avro-rs package has migrated to the Apache Avro package, it is recommended to use Apache Avro instead, as it addresses this issue.

References

Apache Security Thread