OESA-2024-1915

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1915

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1915.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1915

Upstream

CVE-2023-39410

Published

2024-08-02T11:08:39Z

Modified

2025-08-12T05:39:02.560519Z

Summary

avro security update

Details

Apache Avro is a data serialization system.

Security Fix(es):

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

(CVE-2023-39410)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / avro

Package

Name: avro
Purl: pkg:rpm/openEuler/avro&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.2-5.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "avro-1.10.2-5.oe2003sp4.aarch64.rpm"
    ],
    "x86_64": [
        "avro-1.10.2-5.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "avro-1.10.2-5.oe2003sp4.src.rpm"
    ]
}