Lucene search

[email protected]NVD:CVE-2012-0213

HistoryAug 07, 2012 - 9:55 p.m.

CVE-2012-0213

2012-08-0721:55:01

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

Affected configurations

NVD

Node

apachepoiRange≤3.8

apachepoiMatch0.1

apachepoiMatch0.2

apachepoiMatch0.3

apachepoiMatch0.4

apachepoiMatch0.5

apachepoiMatch0.6

apachepoiMatch0.7

apachepoiMatch0.10.0

apachepoiMatch0.11.0

apachepoiMatch0.12.0

apachepoiMatch0.13.0

apachepoiMatch0.14.0

apachepoiMatch1.0.0

apachepoiMatch1.0.1

apachepoiMatch1.0.2

apachepoiMatch1.1.0

apachepoiMatch1.2.0

apachepoiMatch1.5

apachepoiMatch1.5.1

apachepoiMatch1.7dev

apachepoiMatch1.8dev

apachepoiMatch1.10dev

apachepoiMatch2.0

apachepoiMatch2.0pre1

apachepoiMatch2.0pre2

apachepoiMatch2.0pre3

apachepoiMatch2.0rc1

apachepoiMatch2.0rc2

apachepoiMatch2.5

apachepoiMatch2.5.1

apachepoiMatch3.0

apachepoiMatch3.0alpha1

apachepoiMatch3.0alpha2

apachepoiMatch3.0alpha3

apachepoiMatch3.0.1

apachepoiMatch3.0.2

apachepoiMatch3.0.2beta1

apachepoiMatch3.0.2beta2

apachepoiMatch3.1

apachepoiMatch3.1beta1

apachepoiMatch3.1beta2

apachepoiMatch3.2

apachepoiMatch3.5

apachepoiMatch3.5beta1

apachepoiMatch3.5beta2

apachepoiMatch3.5beta3

apachepoiMatch3.5beta4

apachepoiMatch3.5beta5

apachepoiMatch3.5beta6

apachepoiMatch3.6

apachepoiMatch3.7

apachepoiMatch3.7beta1

apachepoiMatch3.7beta2

apachepoiMatch3.7beta3

apachepoiMatch3.8beta1

apachepoiMatch3.8beta2

apachepoiMatch3.8beta3

apachepoiMatch3.8beta4

apachepoiMatch3.8beta5

References

lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html

rhn.redhat.com/errata/RHSA-2012-1232.html

secunia.com/advisories/49040

secunia.com/advisories/50549

www-01.ibm.com/support/docview.wss?uid=swg21996759

www.debian.org/security/2012/dsa-2468

www.mandriva.com/security/advisories?name=MDVSA-2013:094

www.securityfocus.com/bid/53487

bugzilla.redhat.com/show_bug.cgi?id=799078

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for NVD:CVE-2012-0213

nessus6 openvas8 debian1 securityvulns2 github1 fedora3 cve1 osv1 ubuntucve1 cvelist1 prion1 ibm7