Lucene search

GitHub Advisory DatabaseGHSA-XJP4-HW94-MVP5

HistoryMar 21, 2024 - 9:31 a.m.

Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

2024-03-2109:31:14

CWE-787

GitHub Advisory Database

github.com

apache commons configuration

out-of-bounds write

vulnerability

version 2.10.1

fix

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a ‘StackOverflowError’ when adding a property in ‘AbstractListDelimiterHandler.flattenIterator()’.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Affected configurations

Vulners

Node

org.apache.commons\commonsMatchconfiguration2

CPENameOperatorVersion
org.apache.commons:commons-configuration2lt2.10.1

CPE	Name	Operator	Version
	org.apache.commons:commons-configuration2	lt	2.10.1

References

www.openwall.com/lists/oss-security/2024/03/20/4

github.com/advisories/GHSA-xjp4-hw94-mvp5

github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554

issues.apache.org/jira/browse/CONFIGURATION-840

lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37

lists.fedoraproject.org/archives/list/[email protected]/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7

lists.fedoraproject.org/archives/list/[email protected]/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS

nvd.nist.gov/vuln/detail/CVE-2024-29131