CVE-2023-39410— Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

N/A

可信数据的反序列化

Apache Avro 代码问题漏洞

Apache Avro是美国阿帕奇（Apache）基金会的一个数据序列化系统。为 Apache Hadoop 提供数据序列化和数据交换服务。 Apache Avro Java SDK 1.11.2版本及之前版本存在代码问题漏洞，该漏洞源于读取器可能会消耗超出允许限制的内存，从而导致系统内存不足。

N/A

N/A