Infinite Loop Vulnerability in Apache Tika's SQLite3Parser
CVE-2018-17197

6.5MEDIUM

Key Information:

Vendor

Apache
Status
Apache Tika
Vendor
CVE Published:
24 December 2018

What is CVE-2018-17197?

An infinite loop vulnerability exists in the SQLite3Parser component of Apache Tika, allowing a crafted or corrupt SQLite file to induce endless execution cycles. This is observed in versions ranging from 1.8 to 1.19.1 of Apache Tika. Malicious actors could exploit this flaw to disrupt the service by causing a denial of service condition.

Affected Version(s)

Apache Tika Apache Tika 1.8-1.19.1

References

http://www.securityfocus.com/bid/106293
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/7c021a4ea2037e52e746...
x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuj...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.