Sign In

CVE-2023-39410

ADVISORY - github

Summary

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

EPSS Score: 0.00061 (0.190)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502

Deserialization of Untrusted Data

ADVISORY - github

CWE-20

Improper Input Validation

CWE-502

Deserialization of Untrusted Data

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20

Improper Input Validation

CWE-502

Deserialization of Untrusted Data

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-502

Deserialization of Untrusted Data

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2023-39410
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502

CVSS SCORE

7.5high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-rhrv-645h-fjfh
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20CWE-502

CVSS SCORE

7.5high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2023-39410
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

PypA

CREATED

UPDATED

ADVISORY ID

PYSEC-2023-188

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2023-39410

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-20CWE-502CWE-937

CVSS SCORE

7.5high

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2023-39410
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502

CVSS SCORE

7.5high

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8q34-h6rx-rrwj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-ff3h-2v35-524f

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-x2r8-2m8h-66gj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-87m2-29jp-gv28

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-988j-wh4c-q7v4

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY