Infinite Loop Vulnerability in Apache Tika's SQLite3Parser
CVE-2018-17197
6.5MEDIUM
Summary
An infinite loop vulnerability exists in the SQLite3Parser component of Apache Tika, allowing a crafted or corrupt SQLite file to induce endless execution cycles. This is observed in versions ranging from 1.8 to 1.19.1 of Apache Tika. Malicious actors could exploit this flaw to disrupt the service by causing a denial of service condition.
Affected Version(s)
Apache Tika Apache Tika 1.8-1.19.1
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved