CVE-2026-46385 is a high-severity denial-of-service vulnerability in the iskorotkov/avro Go library, a fast Avro codec implementation. The flaw exists in versions prior to 2.33.0 and stems from improper error handling in array and map decoders. Specifically, the decoder loops over an attacker-controlled block-count value without checking the underlying reader's error state within the loop body. Because Re [truncated]
CVE-2026-46384 is a HIGH-severity vulnerability (CVSS 4.0: 8.7) in the iskorotkov/avro Go Avro codec library, affecting versions prior to 2.33.0. The vulnerability stems from improper handling of attacker-controlled 64-bit values in Avro decoder paths, with distinct impact profiles across 32-bit and 64-bit platforms. On 32-bit architectures (GOARCH=386, arm, mips, wasm, etc.), 64-bit values are narrowed t [truncated]
