Veracode Vulnerability Database: VERACODE:39644
History: Mar 10, 2023 - 11:28 p.m.

Denial Of Service (DoS)

2023-03-10 23:28:50
sca.analysiscenter.veracode.com
Tags: log4j, vulnerability, crafted logging entry, denial of service, memory exhaustion, deserialized, jre 1.7, software

EPSS: 0.002 (Percentile: 58.8%)

log4j:log4j is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the Chainsaw or SocketAppender components processing a logging entry with either a deeply nested hashmap or hashtable, which can lead to memory exhaustion when the object is deserialized. An attacker can submit a crafted logging entry and cause Denial of Service if the JRE is below 1.7.