Amazon Ion-C
cpe:2.3:a:amazon:ion:*:*:*:*:*:*:*
- < 1.1.4
A vulnerability exists in Amazon Ion-C versions prior to 1.1.4, where an uninitialized stack read could lead to the exposure of sensitive data in memory. This issue allows a threat actor to craft data and serialize it to Ion text, potentially revealing private information through UTF-8 escape sequences.
Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive memory data.
Users are advised to upgrade to Amazon Ion-C version 1.1.4. It is also recommended to only accept data from trusted sources that have been written using a supported Ion library.
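The bug class described above, shown as an added illustration that is neither Ion-C's code nor part of the advisory: a constructed text-writer helper that escapes one UTF-8 sequence, first in a form that reads an uninitialized stack scratch buffer, then hardened. The function names, the `\U` escape form and the truncated-sequence trigger are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sequence length implied by a UTF-8 lead byte; 0 if it is not a valid lead. */
static size_t utf8_len(uint8_t lead) {
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* VULNERABLE (constructed): trusts the lead byte, copies only the bytes that
 * exist, then decodes all `need` bytes, so stale stack bytes reach the output. */
int escape_unsafe(const uint8_t *in, size_t avail, char *out, size_t outsz) {
    uint8_t scratch[4];                       /* never initialized */
    size_t need = utf8_len(in[0]);
    memcpy(scratch, in, avail < need ? avail : need);
    uint32_t cp = scratch[0] & (0xFFu >> (need + 1));
    for (size_t i = 1; i < need; i++) cp = (cp << 6) | (scratch[i] & 0x3F);
    return snprintf(out, outsz, "\\U%08x", (unsigned)cp);
}

/* HARDENED: zeroed buffer, full sequence required, continuation bytes checked.
 * Returns -1 on bad input. Overlong forms and surrogates are not checked here. */
int escape_safe(const uint8_t *in, size_t avail, char *out, size_t outsz) {
    uint8_t scratch[4] = {0};
    if (avail == 0) return -1;
    size_t need = utf8_len(in[0]);
    if (need == 0 || avail < need) return -1; /* truncated or invalid lead */
    memcpy(scratch, in, need);
    for (size_t i = 1; i < need; i++)
        if ((scratch[i] & 0xC0) != 0x80) return -1;
    uint32_t cp = need == 1 ? scratch[0] : scratch[0] & (0xFFu >> (need + 1));
    for (size_t i = 1; i < need; i++) cp = (cp << 6) | (scratch[i] & 0x3F);
    return snprintf(out, outsz, "\\U%08x", (unsigned)cp);
}

int main(void) {
    const uint8_t full[] = {0xF0, 0x9F, 0x98, 0x80}; /* constructed: U+1F600 */
    char buf[16];
    if (escape_safe(full, 4, buf, sizeof buf) > 0) puts(buf);
    printf("truncated input -> %d\n", escape_safe(full, 1, buf, sizeof buf));
    return 0;
}
```

Building the unsafe variant with MemorySanitizer or running it under Valgrind flags the uninitialized read on truncated input, which is a useful regression check for serializers of this kind.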