Lucene search

ApacheCVE-2021-43045

HistoryJan 06, 2022 - 6:15 p.m.

CVE-2021-43045

2022-01-0618:15:07

CWE-770

apache

web.nvd.nist.gov

apache avro

.net sdk

vulnerability

denial-of-service

cve-2021-43045

update

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

Affected configurations

Nvd

Vulners

Node

apacheavroRange<1.11.0.net

VendorProductVersionCPE
apacheavro*cpe:2.3:a:apache:avro:*:*:*:*:*:.net:*:*

Vendor	Product	Version	CPE
apache	avro	*	cpe:2.3:a:apache:avro::::::.net::*

CNA Affected

[
  {
    "platforms": [
      ".NET"
    ],
    "product": "Apache Avro",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "Apache Avro",
        "versionType": "custom"
      }
    ]
  }
]