Описание
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | poi-scratchpad | Fix deferred | ||
| Red Hat build of Quarkus | poi-scratchpad | Fix deferred | ||
| Red Hat Data Grid 8 | poi-scratchpad | Not affected | ||
| Red Hat Integration Camel K 1 | poi-scratchpad | Fix deferred | ||
| Red Hat Integration Camel Quarkus 1 | poi-scratchpad | Fix deferred | ||
| Red Hat JBoss Data Grid 7 | poi-scratchpad | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | poi-scratchpad | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | poi-scratchpad | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | poi-scratchpad | Not affected | ||
| Red Hat JBoss Fuse 6 | poi-scratchpad | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
3.5 Low
CVSS3
Связанные уязвимости
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
EPSS
3.5 Low
CVSS3