CVE-2022-25169

EPSS 0.06%
Veröffentlicht 16.05.2022 17:15:09
Zuletzt bearbeitet 21.11.2024 06:51:44
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tika Version < 1.28.2

Apache ≫ Tika Version >= 2.0.0 < 2.4.0

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.185

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/05/16/4

Third Party Advisory

Mailing List

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20220804-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25169

EUVD