Description
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
A null pointer exception vulnerability was found in JGraphT Core. In the ArrayUtil and ToleranceDoubleComparator methods, an ArrayIndexOutOfBoundsException is thrown if the value of the parameter `to` is greater than the length of the array `arr`.
Report
The identified vulnerability in JGraphT Core, involving ArrayUtil and ToleranceDoubleComparator methods, represents a moderate severity issue due to its potential impact on application stability and security. While not directly leading to remote code execution or data breaches, the vulnerability exposes the application to denial of service attacks and unexpected crashes. By allowing an attacker to manipulate parameters to trigger an ArrayIndexOutOfBoundsException, the flaw can disrupt normal application operation, hindering service availability. Moreover, the absence of proper bounds checking in array accesses presents a risk of information leakage or corruption, depending on the application context. Though it does not pose an immediate threat to sensitive data, its exploitation can still cause significant disruptions and compromise the reliability of the affected system.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Applications 6 | jgrapht | Will not fix | ||
| Migration Toolkit for Runtimes | jgrapht | Affected | ||
| Red Hat Fuse 7 | jgrapht | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | jgrapht | Out of support scope | ||
| Red Hat Process Automation 7 | jgrapht | Out of support scope | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High