CVE-2025-3857— Infinite loop condition in Amazon.IonDotnet
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-3857
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Infinite loop condition in Amazon.IonDotnet
Source: NVD (National Vulnerability Database)
Vulnerability Description
When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. Users should upgrade to Amazon.IonDotnet version 1.3.1 and ensure any forked or derivative code is patched to incorporate the new fixes.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ion-dotnet 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ion-dotnet是amazon-ion开源的一个A.NET实现的Amazon Ion。 ion-dotnet 1.3.1之前版本存在安全漏洞,该漏洞源于RawBinaryReader类未检查读取字节数,可能导致无限循环和拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Amazon | Amazon Ion Dotnet | 0 ~ 1.3.1 | - |
II. Public POCs for CVE-2025-3857
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-3857
请登录查看更多情报信息。
- CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnetvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-3857
IV. Related Vulnerabilities
Same vendor: Amazon
- CVE-2026-8178
Remote Code Execution via Unsafe Class Loading in Amazon Red - CVE-2026-7791
Amazon WorkSpaces 安全漏洞 - CVE-2026-6437
AWS EFS CSI Driver Mount Option Injection - CVE-2026-35558
Improper neutralization of special elements in authenticatio - CVE-2026-35559
Out-of-bounds write in query processing components in Amazon
Same weakness: CWE-835
- CVE-2026-42310
Pillow: PDF Parsing Trailer Infinite Loop (DoS) - CVE-2026-41511
OpenMcdf has an Infinite loop DoS via crafted CFB directory - CVE-2026-5407
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6536
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6534
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi
V. Comments for CVE-2025-3857
No comments yet