{"schema_version": "1.6.1", "id": "CVE-2022-36125", "summary": "Integer overflow when reading corrupted .avro file in Avro Rust SDK", "details": "It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs).  Users should update to apache-avro version 0.14.0 which addresses this issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "0.14.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/t1r5xz0pvhm4tosqopjpj6dz8zlsht07"}]}