7.5

CVE-2017-12626

EPSS 3.17%
Veröffentlicht 29.01.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 03:09:55
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Poi Version < 3.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.17%	0.864

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://access.redhat.com/errata/RHSA-2018:1322

Third Party Advisory

http://www.securityfocus.com/bid/102879

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2017-12626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12626

EUVD