Main Vulnerability Database Vulnerabilities #VU16676

#VU16676 Infinite loop in Apache Tika - CVE-2018-17197

Published: December 22, 2018 / Updated: December 24, 2018

Vulnerability identifier: #VU16676

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-17197

CWE-ID: CWE-835

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Tika

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an infinite loop when handling malicious input. A remote attacker can supply a carefully crafted or corrupt sqlite file, trigger and an infinite loop in Apache Tika's SQLite3Parser and cause the service to crash.

Remediation

Update to version 1.20 or later.

External links

http://mail-archives.us.apache.org/mod_mbox/www-announce/201812.mbox/%3CCAC1dCwWhYmbkxAvFKgGSFd_ffp5...

#VU16676 Infinite loop in Apache Tika - CVE-2018-17197

Description

Remediation

External links

Please verify you're human