oss-sec mailing list archives
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser
From: Tim Allison <tallison () apache org>
Date: Sat, 22 Dec 2018 10:28:14 -0500
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 1.8 to 1.19.1 Description: A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. Mitigation: Apache Tika users should upgrade to 1.20 or later. Credit: This issue was discovered by Tim Allison on the Apache Tika Team.
Current thread:
- [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser Tim Allison (Dec 22)