Apache Commons Configuration is vulnerable to Out-of-Bounds Write. The vulnerability is caused by improper handling of a cyclical object tree: when `ListDelimiterHandler.flatten()` is called on a value that directly or indirectly contains itself, the method recursively traverses the object tree without a termination condition, the recursion never ends, the call stack is exhausted and a `StackOverflowError` is thrown, resulting in Denial of Service (DoS).
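As an added example (not code from the Apache Commons Configuration project, and all class and method names are hypothetical), a minimal flatten routine that recurses the way the advisory describes, next to a hardened variant that keeps an identity-based set of the collections on the current recursion path and caps nesting depth, so a self-referential list is rejected with an exception instead of exhausting the stack.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Set;
public class CycleSafeFlatten {
    // Mirrors the recursion pattern the advisory describes: every Collection is descended
    // into with no check for having seen it before, so a cyclic tree never terminates.
    static List<Object> flattenNaive(Object value, List<Object> out) {
        if (value instanceof Collection) {
            for (Object o : (Collection<?>) value) flattenNaive(o, out);
        } else {
            out.add(value);
        }
        return out;
    }
    // Hardened variant (hypothetical, not the library's own fix): an identity set of the
    // collections on the current path detects cycles, and a depth cap bounds stack use.
    static List<Object> flattenSafe(Object value, int maxDepth) {
        List<Object> out = new ArrayList<>();
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        flattenSafe(value, out, onPath, maxDepth);
        return out;
    }
    private static void flattenSafe(Object value, List<Object> out, Set<Object> onPath, int depth) {
        if (!(value instanceof Collection)) { out.add(value); return; }
        if (depth <= 0) throw new IllegalArgumentException("nesting exceeds depth limit");
        if (!onPath.add(value)) throw new IllegalArgumentException("cyclic object tree");
        try {
            for (Object o : (Collection<?>) value) flattenSafe(o, out, onPath, depth - 1);
        } finally {
            onPath.remove(value); // the same list may legitimately appear in sibling branches
        }
    }
    public static void main(String[] args) {
        List<Object> cyclic = new ArrayList<>(); // constructed self-referential input
        cyclic.add("a"); cyclic.add(cyclic);
        try {
            flattenNaive(cyclic, new ArrayList<>());
        } catch (StackOverflowError e) {
            System.out.println("naive flatten: StackOverflowError, i.e. the DoS");
        }
        try {
            flattenSafe(cyclic, 64);
        } catch (IllegalArgumentException e) {
            System.out.println("safe flatten rejected the input: " + e.getMessage());
        }
    }
}
```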
CPE | Name | Operator | Version
---|---|---|---
| | apache commons configuration | le | 2.10.0 |
References:

- https://www.openwall.com/lists/oss-security/2024/03/20/3
- https://github.com/advisories/GHSA-9w38-p64v-xpmv
- https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4
- https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
- https://lists.fedoraproject.org/archives/list/[email protected]/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/