Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:45970
HistoryMar 22, 2024 - 5:11 a.m.

Out-of-Bounds Write

2024-03-2205:11:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
apache commons configuration
out-of-bounds write
improper handling
stackoverflowerror
listdelimiterhandler.flatten()
denial of service

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.1%

JSON

Apache Commons Configuration is vulnerable to Out-of-Bounds Write. The vulnerability is due to improper handling of a cyclical object tree, which can trigger a StackOverflowError when the ListDelimiterHandler.flatten() method is called. This occurs because the method recursively traverses the object tree without a proper termination condition, leading to excessive recursion and eventually a stack overflow, resulting in Denial of Service (DoS).

Related

osv 1
cnvd 1
github 1
cve 1
redhatcve 1
cvelist 1
cgr 1
wolfi 1
debiancve 1
nessus 4
ibm 3
openvas 6
fedora 2
redhat 1
osv
osv
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
cnvd
cnvd
Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)
2024-03-26 00:00:00
github
github
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
cve
cve
CVE-2024-29133
2024-03-21 09:15:07
redhatcve
redhatcve
CVE-2024-29133
2024-03-21 12:16:00
cvelist
cvelist
CVE-2024-29133 Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:05:47
cgr
cgr
CVE-2024-29133 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-29133 vulnerabilities
2024-06-01 09:07:38
debiancve
debiancve
CVE-2024-29133
2024-03-21 09:15:07
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration (SUSE-SU-2024:1377-1)
2024-04-23 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)
2024-04-23 00:00:00
Fedora 39 : apache-commons-configuration (2024-fa7b758114)
2024-03-30 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment
2024-05-02 02:53:11
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
2024-04-17 06:43:13
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11 and Apache Commons
2024-04-16 19:21:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1365-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for apache (SUSE-SU-2024:1377-1)
2024-04-25 00:00:00
Fedora: Security Advisory for apache-commons-configuration (FEDORA-2024-fa7b758114)
2024-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
2024-03-30 01:10:55
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
2024-03-29 04:11:00
redhat
redhat
(RHSA-2024:2945) Important: Red Hat AMQ Broker 7.12.0 release and security update
2024-05-21 14:17:10

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.1%

JSON
Related for VERACODE:45970
osv1cnvd1github1cve1redhatcve1cvelist1cgr1wolfi1debiancve1nessus4ibm3openvas6fedora2redhat1