HIGHpublic-safe

CVE-2022-36124

NVD: It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. NVD: This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). NVD: Users should update to apache-avro version 0.14.0 which addresses this issue.

CVSS
7.5 Severity
HIGH EPSS
0.0128 (66) KEV
-

Source-published summary

Possible impact

This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.

Affected context

vendor/product: apache / avro

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.; CVSS 7.5 (HIGH); EPSS percentile 66; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, Vendor Advisory.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

exposure unknown

Impact tags

明示タグなし

Urgency reasons

CVSS HIGHaffected product presentvendor advisory presentrecent updateremediation reference present

Source-derived note

Summary derived from NVD / Vendor Advisory description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Handoff JSON Handoff Markdown Safe Codex prompt

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.