Описание
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| AMQ Clients | commons-configuration2 | Not affected | ||
| A-MQ Clients 2 | commons-configuration2 | Will not fix | ||
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | ||
| Red Hat build of Apache Camel 4 for Quarkus 3 | commons-configuration2 | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | commons-configuration2 | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 4 | commons-configuration2 | Not affected | ||
| Red Hat build of OptaPlanner 8 | commons-configuration2 | Not affected | ||
| Red Hat Data Grid 8 | commons-configuration2 | Not affected | ||
| Red Hat Fuse 7 | commons-configuration2 | Out of support scope | ||
| Red Hat Integration Camel K 1 | commons-configuration2 | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Out-of-bounds Write vulnerability in Apache Commons Configuration.This ...
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Уязвимость функции AbstractListDelimiterHandler.flattenIterator() библиотеки Apache Commons Configuration, позволяющая нарушителю выполнить произвольный код
EPSS
4.4 Medium
CVSS3