Lucene search

GitHub Advisory DatabaseGHSA-G99M-3M46-4GM9

HistoryMay 14, 2019 - 4:00 a.m.

Infinite Loop in Apache Sanselan

2019-05-1404:00:47

CWE-835

GitHub Advisory Database

github.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%

JSON

Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

Affected configurations

Vulners

Node

org.apache.sanselansanselanRange≤0.97-incubator

VendorProductVersionCPE
org.apache.sanselansanselan*cpe:2.3:a:org.apache.sanselan:sanselan:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.sanselan	sanselan	*	cpe:2.3:a:org.apache.sanselan:sanselan::::::::

References

github.com/advisories/GHSA-g99m-3m46-4gm9

lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa@%3Cdev.commons.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2018-17202

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%

JSON

Related for GHSA-G99M-3M46-4GM9