Amazon.IonDotnet RawBinaryReader Class Infinite Loop Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Amazon.IonDotnet library, affecting versions through 1.3.0. The issue lies in the RawBinaryReader class, which does not validate the number of bytes actually read from the underlying stream while deserializing binary Ion data. When the Ion data is malformed or truncated, this missing check can leave the reader in an infinite loop, resulting in a denial of service.
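The unchecked-read pattern described above, shown as an added illustration that is not IonDotnet's code: a hypothetical length-prefixed value reader whose ReadExactly helper treats a zero-byte Read as truncation and throws instead of looping. The class and method names and the toy one-byte length format are assumptions, not the real Ion encoding.

```csharp
using System;
using System.IO;
// Hypothetical reader, not IonDotnet's code. Ion binary values carry a length;
// a loop that does "remaining -= stream.Read(...)" without checking the return
// value never terminates when Read returns 0 at end of a truncated stream.
public static class TruncationSafeReader
{
    // Fills buffer completely or throws. Stream.Read may return fewer bytes than
    // requested and returns 0 only at end of stream; treating 0 as "try again"
    // is exactly the infinite-loop pattern this helper guards against.
    public static void ReadExactly(Stream stream, byte[] buffer, int count)
    {
        int offset = 0;
        while (offset < count)
        {
            int n = stream.Read(buffer, offset, count - offset);
            if (n <= 0)
                throw new EndOfStreamException(
                    $"Stream truncated: needed {count} bytes, got {offset}.");
            offset += n;
        }
    }
    // Reads one value encoded as [1-byte length][payload] (constructed toy
    // format, not the real Ion encoding) and returns the payload bytes.
    public static byte[] ReadLengthPrefixedValue(Stream stream)
    {
        int length = stream.ReadByte();   // -1 at end of stream
        if (length < 0)
            throw new EndOfStreamException("Missing length byte.");
        byte[] payload = new byte[length];
        ReadExactly(stream, payload, length);
        return payload;
    }
    public static void Main()
    {
        // Constructed input: declares 4 payload bytes but only carries 2.
        byte[] truncated = { 0x04, 0xAA, 0xBB };
        try
        {
            ReadLengthPrefixedValue(new MemoryStream(truncated));
            Console.WriteLine("unexpected: read succeeded");
        }
        catch (EndOfStreamException ex)
        {
            // A reader without the n <= 0 check would spin here forever.
            Console.WriteLine($"rejected truncated input: {ex.Message}");
        }
    }
}
```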

Impact

Exploitation of this vulnerability triggers an infinite loop in the reader, which can cause the affected application to become unresponsive or unavailable (denial of service).

Remediation

Users are advised to upgrade to Amazon.IonDotnet version 1.3.1. If any forked or derivative code is in use, it should be patched to incorporate the new fixes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.