Amazon.IonDotnet Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Amazon.IonDotnet library, specifically in versions prior to 1.3.2. This issue arises from an infinite loop created by the parser when it encounters specially crafted text input. As a result, a threat actor could potentially cause a service disruption. The library has been deprecated as of August 20, 2025, and will not receive further updates.

Impact

Exploitation of this vulnerability leads to an infinite loop in the text parser, causing a denial-of-service condition by consuming resources and potentially causing the application to become unresponsive.

Remediation

Users are advised to upgrade to Amazon.IonDotnet version 1.3.2, which addresses this vulnerability. Maintainers of forked or derivative code should make sure the latest fixes are incorporated.
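One way to find projects still referencing a version below 1.3.2, as an added example that is not part of the original advisory or the library's own code: it reads MSBuild project XML and classifies each Amazon.IonDotnet reference. The sample project files are constructed, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "amazon.iondotnet"  # NuGet package IDs are case-insensitive
FIXED = (1, 3, 2)             # fixed version named in the advisory

# Constructed sample project files (not taken from any real repository).
SDK_STYLE = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Amazon.IonDotnet" Version="1.3.1" />
  <PackageReference Include="Example.Other" Version="1.0.0" />
</ItemGroup></Project>"""
CHILD_VERSION = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup><PackageReference Include="amazon.iondotnet">
    <Version>1.3.2</Version></PackageReference></ItemGroup></Project>"""
NO_VERSION = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Amazon.IonDotnet" /></ItemGroup></Project>"""

def local(tag):
    """Strip an XML namespace so old-style and SDK-style files both match."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """Numeric tuple for plain versions such as '1.3.1'; None for ranges,
    floating versions, prerelease tags or a missing value."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def check_project(project_xml):
    """Return (version, status) per Amazon.IonDotnet reference, where status
    is 'vulnerable', 'fixed' or 'unknown' (needs manual review)."""
    findings = []
    for el in ET.fromstring(project_xml).iter():
        if local(el.tag) not in ("PackageReference", "PackageVersion"):
            continue
        if (el.get("Include") or el.get("Update") or "").lower() != PACKAGE:
            continue
        # Version is an attribute or a child element; it is absent when
        # versions are managed centrally, so report that as 'unknown'.
        version = el.get("Version")
        if version is None:
            version = next((c.text for c in el if local(c.tag) == "Version"), None)
        parsed = parse_version(version)
        status = "unknown" if parsed is None else (
            "vulnerable" if parsed < FIXED else "fixed")
        findings.append((version, status))
    return findings

if __name__ == "__main__":
    for name, xml in [("sdk", SDK_STYLE), ("child", CHILD_VERSION), ("none", NO_VERSION)]:
        print(name, check_project(xml))
```

An 'unknown' result means the version is resolved elsewhere (a range, a floating version, or central package management), so the resolved version has to be checked in the restore output or lock file.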

Added: Oct 9, 2025, 6:18 PM
Updated: Oct 9, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.