www-announce mailing list archives

From Tim Allison <talli...@apache.org>
Subject [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser
Date Sat, 22 Dec 2018 15:28:14 GMT
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in
Tika's SQLite3Parser

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 1.8 to 1.19.1

Description:
A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.


Mitigation:
Apache Tika users should upgrade to 1.20 or later.


Credit:
This issue was discovered by Tim Allison on the Apache Tika Team.
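
To check a build against the range in this advisory, the following is an added example, not part of the original message or of Apache Tika. It scans a dependency listing for Tika artifacts whose version falls in 1.8 to 1.19.1; matching on the org.apache.tika group id, the Maven-style coordinate layout, and the sample listing are assumptions made for illustration.

```python
import re

# Range from the advisory: Apache Tika 1.8 through 1.19.1 affected, 1.20 fixed.
FIRST_AFFECTED = (1, 8, 0)
LAST_AFFECTED = (1, 19, 1)

# Assumption: dependencies appear as Maven-style coordinates, either
# group:artifact:version or group:artifact:type[:classifier]:version[:scope].
COORD = re.compile(
    r"org\.apache\.tika:(?P<artifact>[A-Za-z0-9_.-]+):"
    r"(?:[A-Za-z][\w.-]*:)*"  # optional type / classifier segments
    r"(?P<version>\d+(?:\.\d+)*)"  # numeric part only; qualifiers are ignored
)


def parse_version(text):
    """Turn '1.19.1' into (1, 19, 1); pad short versions so '1.8' is (1, 8, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True when the numeric version falls in the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def find_affected(listing):
    """Return sorted (artifact, version) pairs in the listing that are in range."""
    hits = set()
    for match in COORD.finditer(listing):
        if is_affected(match["version"]):
            hits.add((match["artifact"], match["version"]))
    return sorted(hits)


# Constructed sample input, not taken from any real project.
SAMPLE = """\
[INFO]    org.apache.tika:tika-core:jar:1.18:compile
[INFO]    org.apache.tika:tika-parsers:jar:1.18:compile
[INFO]    org.xerial:sqlite-jdbc:jar:3.25.2:runtime
+--- org.apache.tika:tika-parsers:1.20
\\--- org.apache.tika:tika-app:1.7
"""

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE):
        print(f"{artifact} {version}: in affected range, upgrade to 1.20 or later")
```

Version qualifiers such as -SNAPSHOT are not compared, so a pre-release build of 1.20 needs a manual look.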
