apache-avro (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package apache-avro, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2022-35724 — CVSS 7.5 (high): It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust…
CVE-2022-36124 — CVSS 7.5 (high): It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue…
CVE-2022-36125 — CVSS 7.5 (high): It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache…