CVE-2022-36125: Integer overflow when reading corrupted .avro file in Avro Rust SDK

Vendor: Apache Software Foundation
Product: Apache Avro
Weakness: CWE-20 · Input validation
Published: August 9, 2022
Last update: March 6, 2026

What the vulnerability does

01 Description

It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0, which addresses this issue.

Key dates

02 Disclosure timeline

August 9, 2022: CVE published
March 6, 2026: Record updated