When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat jboss Enterprise Application Platform Eus
|
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
Vendors & Products |
Redhat jboss Enterprise Application Platform Eus
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-09-29T16:23:34.021Z
Updated: 2024-08-02T18:10:20.868Z
Reserved: 2023-07-31T17:55:21.702Z
Link: CVE-2023-39410
Vulnrichment
Updated: 2024-08-02T18:10:20.868Z
NVD
Status : Modified
Published: 2023-09-29T17:15:46.923
Modified: 2024-11-21T08:15:21.893
Link: CVE-2023-39410
Redhat