'[oss-security] [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Pars'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Pars
From:       Tim Allison <tallison () apache ! org>
Date:       2018-12-22 15:28:14
Message-ID: CAC1dCwWhYmbkxAvFKgGSFd_ffp5EeCimB2gBXTo+9-F7v6TSNQ () mail ! gmail ! com
[Download RAW message or body]

[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in
Tika's SQLite3Parser

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 1.8 to 1.19.1

Description:
A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

Mitigation:
Apache Tika users should upgrade to 1.20 or later.

Credit:
This issue was discovered by Tim Allison on the Apache Tika Team.
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic