CVE-2023-39410

ADVISORY - github

Summary

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

EPSS Score⁠: 0.00061 (0.190)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - github

CWE-20⁠

Improper Input Validation

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20⁠

Improper Input Validation

CWE-502⁠

Deserialization of Untrusted Data

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-502⁠

Deserialization of Untrusted Data

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.