Multiple vulnerabilities in Apache Avro for Rust



Published: 2022-08-08
Risk Medium
Patch available NO
Number of vulnerabilities 3
CVE-ID CVE-2022-36124
CVE-2022-36125
CVE-2022-35724
CWE-ID CWE-400
CWE-190
CWE-835
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Apache Avro for Rust
Universal components / Libraries / Programming Languages & Components

Vendor The Rust Programming Language

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU66187

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-36124

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Apache Avro for Rust: 0.1.0 - 0.13.0


CPE2.3 External links

http://seclists.org/oss-sec/2022/q3/108

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Integer overflow

EUVDB-ID: #VU66186

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-36125

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Apache Avro for Rust: 0.1.0 - 0.13.0


CPE2.3 External links

http://seclists.org/oss-sec/2022/q3/109

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Infinite loop

EUVDB-ID: #VU66185

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-35724

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Apache Avro for Rust: 0.1.0 - 0.13.0


CPE2.3 External links

http://seclists.org/oss-sec/2022/q3/107

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###