Bug 2042576 (CVE-2021-43045) - CVE-2021-43045 apache-avro: allows attackers to allocate excessive resources potentially causing a DoS
Summary: CVE-2021-43045 apache-avro: allows attackers to allocate excessive resources ...
Keywords:
Status: NEW
Alias: CVE-2021-43045
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2042577
TreeView+ depends on / blocked
 
Reported: 2022-01-19 18:10 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-02-01 03:42 UTC (History)
52 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-01-19 18:10:37 UTC 
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

References:
https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd
http://www.openwall.com/lists/oss-security/2022/01/06/8
Comment 1 juneau 2022-01-21 15:52:49 UTC 
Removed services-service-registry from affects; affected version not found in manifest(s).
Note You need to log in before you can comment on or make changes to this bug.