Vendor

Hamba

1 brief RSS

Avro Map Decoder Vulnerable to Denial-of-Service via Unbounded Memory Allocation

The Avro map decoder accepted attacker-controlled block-element counts, leading to unbounded map growth and potential denial-of-service via memory exhaustion; upgrading to v2.33.0 requires explicit configuration of MaxMapAllocSize to mitigate the vulnerability.

avro +1 denial-of-service memory-exhaustion data-serialization

2r 1t 2d ago