CVE-2021-43045

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43045

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43045.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43045

Aliases

GHSA-868x-rg4c-cjqg

Downstream

OESA-2023-1950

Published

2022-01-06T18:15:07Z

Modified

2025-09-10T13:07:42.899449Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

References

Affected packages

Git / github.com/apache/avro

Affected ranges

Type: GIT
Repo: https://github.com/apache/avro
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e1fefca493029ace961b7ef8889a3722458565a

Affected versions

release-1.*

release-1.11.0-rc1