7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3857

GHSA ID

GHSA-gm2p-wf5c-w3pj

EPSS Score

0.14712%

CWE

CWE-502

Published

4/21/2025

Updated

4/23/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-3857

CVE-2025-3857: Infinite loop condition in Amazon.IonDotnet

Summary

Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.

An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition.

Impact

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.

Impacted versions: <=1.3.0

Patches

This issue has been addressed in Amazon.IonDotnet version 1.3.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds

There are no workarounds. Upgrade to version 1.3.1.

References

If you have any questions or comments about this advisory, contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Credit

We would like to thank Josh Coleman from Symbotic for collaborating on this issue through the coordinated vulnerability disclosure process.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3857

GHSA ID

GHSA-gm2p-wf5c-w3pj

EPSS Score

0.14712%

CWE

CWE-502

Published

4/21/2025

Updated

4/23/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Amazon.IonDotnet	nuget	< 1.3.1	1.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions that the RawBinaryReader class is affected and that an infinite loop can occur when reading binary Ion data if it's malformed or truncated. The provided commit 34a4f5215eceac1bb7bf434c4f2310d64d1b703b shows a modification in the Amazon.IonDotnet/Internals/Binary/RawBinaryReader.cs file, specifically within the ReadAll method. The patch introduces a check for amount == 0 inside a while (length > 0) loop. If this.input.Read returns 0 (indicating end-of-stream or no data read) while length is still positive, the original code would loop infinitely because length would not decrease. The added check throws an UnexpectedEofException, preventing the infinite loop. Therefore, the ReadAll method is the vulnerable function as it contained the logic susceptible to the infinite loop under specific input conditions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## Summ*ry [*m*zon.Ion*otn*t (ion-*otn*t)](*ttps://*it*u*.*om/*m*zon-ion/ion-*otn*t) is * .N*T li*r*ry wit* *n impl*m*nt*tion o* t** [Ion **t* s*ri*liz*tion *orm*t](*ttps://*m*zon-ion.*it*u*.io/ion-*o*s/). *n issu* *xists in *m*zon.Ion*otn*t *n* t*

Reasoning

T** vuln*r**ility **s*ription *xpli*itly m*ntions t**t t** `R*w*in*ryR****r` *l*ss is *****t** *n* t**t *n in*init* loop **n o**ur w**n r***in* *in*ry Ion **t* i* it's m*l*orm** or trun**t**. T** provi*** *ommit `*************************************

7.5

Basic Information

Concerned about an active attack path?

CVE-2025-3857: Infinite loop condition in Amazon.IonDotnet

Summary

Impact

Patches

Workarounds

References

Credit

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI