PYSEC-2022-43180

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/avro/PYSEC-2022-43180.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-43180

Aliases

CVE-2022-36124
GHSA-wcm8-86x6-8mv3

Published

2022-08-09T07:15:07.443Z

Modified

2026-05-19T05:26:03.342442911Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

References

https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo

Affected packages

PyPI / avro

Package

Name: avro; View open source insights on deps.dev
Purl: pkg:pypi/avro

Affected ranges

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/avro/PYSEC-2022-43180.yaml"