CVE-2023-39410

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*

History

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

06 Oct 2023, 17:58

Type Values Removed Values Added
References (MISC) https://www.openwall.com/lists/oss-security/2023/09/29/6 - (MISC) https://www.openwall.com/lists/oss-security/2023/09/29/6 - Mailing List, Third Party Advisory

04 Oct 2023, 09:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/09/29/6', 'name': 'http://www.openwall.com/lists/oss-security/2023/09/29/6', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MISC'}
  • (MISC) https://www.openwall.com/lists/oss-security/2023/09/29/6 -

03 Oct 2023, 20:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) http://www.openwall.com/lists/oss-security/2023/09/29/6 - (MISC) http://www.openwall.com/lists/oss-security/2023/09/29/6 - Mailing List, Third Party Advisory
References (MISC) https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds - (MISC) https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds - Mailing List, Vendor Advisory
CPE cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*
First Time Apache
Apache avro
CWE CWE-20 CWE-502

29 Sep 2023, 18:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/09/29/6 -

29 Sep 2023, 17:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-29 17:15

Updated : 2024-06-21 19:15


NVD link : CVE-2023-39410

Mitre link : CVE-2023-39410

CVE.ORG link : CVE-2023-39410


JSON object : View

Products Affected

apache

  • avro
CWE
CWE-502

Deserialization of Untrusted Data