Denial of Service Vulnerability in Apache Tika's BPGParser
CVE-2018-1338

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 25 April 2018

What is CVE-2018-1338?

A crafted file can exploit a flaw in Apache Tika's BPGParser, potentially leading to an infinite loop that impacts system availability. This vulnerability affects users of Apache Tika versions prior to 1.18, allowing attackers to create conditions that may render the service unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Tika < 1.18

References

https://access.redhat.com/errata/RHSA-2018:2669

vendor-advisoryx_refsource_REDHAT

https://lists.apache.org/thread.html/4d20c5748fb9f836653b...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2018
Vulnerability Reserved
Dec 7, 2017

JSON

Apache

What is CVE-2018-1338?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.