CVE-2022-35724

HIGH

Apache Avro Rust SDK <0.14.0 - DoS

Title source: llm

Description

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

References (1)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/771z1nwrpkn1ovmyfb2fm65mchdxgy7p

Scores

CVSS v3 7.5

EPSS 0.0070

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770 CWE-20 CWE-835

Status published

Products (2)

apache/avro < 0.14.0

crates.io/apache-avro 0 - 0.14.0crates.io

Published Aug 09, 2022

Tracked Since Feb 18, 2026