- Description: When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. Users should upgrade to Amazon.IonDotnet version 1.3.1 and ensure any forked or derivative code is patched to incorporate the new fixes.
- Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- CWE-502
- Hype score: Not currently trending
CVE-2025-3857 (CVSS:8.7, HIGH) is Awaiting Analysis. When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check t..https://t.co/BDZUX7KKc1 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
26 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3857 🔴 HIGH (8.7) 🏢 Amazon - Amazon Ion Dotnet 🏗️ 0 🔗 https://t.co/T1OwiUNL4q 🔗 https://t.co/FYWBGkl7ML #CyberCron #VulnAlert #InfoSec https://t.co/HlUtc9VmzY
@cybercronai
22 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3857 - Amazon.IonDotnet (ion-dotnet) infinite loop condition on the RawBinaryReader class. Impacted versions: <=1.3.0 https://t.co/h3MfSwfM2z https://t.co/YSNK9xGHmJ
@gothburz
22 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3857: Infinite loop vulnerability in Amazon.IonDotnet poses a risk of denial of service. Upgrade to the latest version to mitigate the issue. 🔧 Read more: https://t.co/rPleqrTcJP #AmazonIonDotnet #CVE20253857 #Vulnerability #CyberSecurity #Vulert #PatchNow 🛡️ http
@vulert_official
22 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3857: HIGH] Vulnerability alert: Amazon.IonDotnet deserialization can lead to infinite loop & denial of service due to flawed data checking. Update to version 1.3.1 for fix. #cve, CVE-2025-3857, #cybersecurity https://t.co/epIZM839SS https://t.co/1iXozbMzF1
@CveFindCom
22 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical #DoS vulnerability (CVE-2025-3857) in Amazon.IonDotnet allows attackers to trigger infinite loops via malformed Ion data. No auth required. Affects all versions before 1.3.1. Patch now. 🔧 Details: https://t.co/7mjK1kukzV #infosec #cybersecurity #vulnerability
@threatsbank
22 Apr 2025
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3857 When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stre… https://t.co/huK0g56x9A
@CVEnew
21 Apr 2025
367 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes