CVE-2021-28657

Опубликовано: 30 мар. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat BPM Suite 6	tika-parsers	Out of support scope
Red Hat Fuse 7	tika-parsers	Fix deferred
Red Hat Integration Camel K 1	tika-parsers	Fix deferred
Red Hat Integration Camel Quarkus 1	tika-parsers	Fix deferred
Red Hat JBoss BRMS 5	tika-parsers	Out of support scope
Red Hat JBoss BRMS 6	tika-parsers	Out of support scope
Red Hat JBoss Data Virtualization 6	tika-parsers	Out of support scope
Red Hat JBoss Fuse 6	tika-parsers	Out of support scope
Red Hat JBoss Fuse Service Works 6	tika-parsers	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1944881tika-parsers: Infinite loop in MP3Parser

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-28657

CVSS3: 5.5

ubuntu

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-28657

CVSS3: 5.5

nvd

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-28657

CVSS3: 5.5

debian

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Ti ...

GHSA-567x-m4wm-87v8

CVSS3: 5.5

github

больше 4 лет назад

Infinite loop in Apache Tika

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3