When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds | Mailing List Vendor Advisory |
https://security.netapp.com/advisory/ntap-20240621-0006/ | |
https://www.openwall.com/lists/oss-security/2023/09/29/6 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-09-29T16:23:34.021Z
Updated: 2024-06-26T19:09:26.935Z
Reserved: 2023-07-31T17:55:21.702Z
Link: CVE-2023-39410
JSON object: View
NVD Information
Status : Modified
Published: 2023-09-29T17:15:46.923
Modified: 2024-06-21T19:15:27.883
Link: CVE-2023-39410
JSON object: View
Redhat Information
No data.
CWE