CVE-2025-12829
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-12

Assigner: AMZN

Description
An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version v1.1.4.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-11-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: amazon
Product: ion-c
Version / Range: 1.1.4
CWE
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an uninitialized stack read issue in Amazon Ion-C versions prior to v1.1.4. It allows a threat actor to craft data and serialize it to Ion text in a way that sensitive data in memory could be exposed through UTF-8 escape sequences.


How can this vulnerability impact me?

The vulnerability can lead to exposure of sensitive data from memory, which could result in unauthorized disclosure of confidential information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should upgrade Amazon Ion-C to version v1.1.4 or later.

