CVE-2026-35562
Resource Exhaustion in Amazon Athena ODBC Driver Causes DoS
Publication date: 2026-04-03
Last updated on: 2026-04-14
Assigner: AMZN
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | athena_odbc | to 2.1.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Amazon Athena ODBC driver versions before 2.1.0.0. It involves the allocation of resources without limits in the driver's parsing components. A threat actor can exploit this by sending specially crafted input that causes the driver to consume excessive resources during parsing operations.
This excessive resource consumption can lead to a denial of service condition, where the driver becomes unresponsive or crashes.
To fix this issue, users should upgrade the Amazon Athena ODBC driver to version 2.1.0.0 or later.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker can cause the Amazon Athena ODBC driver to consume excessive resources, potentially making the driver unresponsive or causing it to crash.
This can disrupt normal operations that depend on the driver, leading to downtime or degraded service availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should upgrade the Amazon Athena ODBC driver to version 2.1.0.0 or later.