When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
History

Mon, 25 Nov 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-09-29T16:23:34.021Z

Updated: 2024-08-02T18:10:20.868Z

Reserved: 2023-07-31T17:55:21.702Z

Link: CVE-2023-39410

cve-icon Vulnrichment

Updated: 2024-08-02T18:10:20.868Z

cve-icon NVD

Status : Modified

Published: 2023-09-29T17:15:46.923

Modified: 2024-11-21T08:15:21.893

Link: CVE-2023-39410

cve-icon Redhat

Severity : Important

Publid Date: 2023-09-29T00:00:00Z

Links: CVE-2023-39410 - Bugzilla