CVE-2022-25169

EPSS 0.06%
Published 16.05.2022 17:15:09
Last modified 21.11.2024 06:51:44
Source security@apache.org
Teams watchlist Login
Open Login

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tika Version < 1.28.2

Apache ≫ Tika Version >= 2.0.0 < 2.4.0

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.185

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/05/16/4

Third Party Advisory

Mailing List

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20220804-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25169

EUVD