2 matches found
CVE-2022-26477
The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...
CVE-2022-26477
CVE-2022-26477 affects Apache SystemDS: the readExternal loop termination condition is a controllable variable, which can be tampered with to cause CPU exhaustion (DoS). The fix adds an upper bound/termination condition in read/write logic. Affected behavior is mitigated by bounding the number of...