CNNVD-202511-806 Information

CNNVD ID

CNNVD-202511-806

Related CVE

CVE-2025-12829

• CNNVD Published: 2025-11-07

Description (Chinese)

Amazon Ion C是amazon-ion开源的一个Amazon Ion的C语言实现。 Amazon Ion C v1.1.4之前版本存在安全漏洞，该漏洞源于未初始化栈读取问题，可能导致UTF-8转义序列暴露内存中的敏感数据。

Description (English)

Amazon Ion C is the C language of Amazon Ion, an open source of Amazon-ion. The pre-Amazon Ion C v1.1.4 version has a security loophole, which stems from uninitialized stack reading problems and may lead to the exposure of sensitive data in the UTF-8 conversion sequence memory.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

amazon-ion

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/amazon-ion/ion-c/security/advisories/GHSA-7mgf-6x73-5h7r https://github.com/amazon-ion/ion-c/releases/tag/v1.1.4 https://aws.amazon.com/security/security-bulletins/AWS-2025-027/ https://access.redhat.com/security/cve/cve-2025-12829

Patch

https://amazon-ion.github.io/ion-docs/