CVE-2012-0213 — Uncontrolled Resource Consumption in Apache POI

Severity: 5.0 MEDIUM (NVD)
EPSS: 13.1% (top 5.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 7
Latest update: May 4

Description

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/poi 3.8 +34

Vulnerability Details (3)

OSV: Denial of Service in Apache POI (2022-05-04)
GHSA: Denial of Service in Apache POI (2022-05-04)
CVEList: CVE-2012-0213: The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure (2012-08-07)

Vendor Advisories (1)

Red Hat: jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files (2012-05-09)

Community (2)

Bugzilla: CVE-2012-0213 apache-poi, jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files [fedora-all] (2012-05-11)
Bugzilla: CVE-2012-0213 apache-poi, jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files (2012-03-01)