CVE-2018-17197

CWE-83511 documents9 sources

Severity

6.5MEDIUM

EPSS

3.1%

top 13.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tika Apache Software Foundation Apache Tika

Timeline

PublishedDec 24

Latest updateApr 15

Description

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.apache.tika:tika-parsers1.8 — 1.20

▶NVDapache/tika1.8 — 1.19.1

▶CVEListV5apache_software_foundation/apache_tikaApache Tika 1.8-1.19.1

▶Debiantika< 1.20-1

🔴Vulnerability Details

GHSA

Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser↗2018-12-26

▶

OSV

Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser↗2018-12-26

▶

CVEList

CVE-2018-17197: A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1↗2018-12-24

▶

OSV

CVE-2018-17197: A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1↗2018-12-24

▶

📋Vendor Advisories

Oracle

Oracle Oracle Knowledge Risk Matrix: Information Manager Console (Apache Tika) — CVE-2018-17197↗2020-04-15

▶

Red Hat

tika: Infinite loop in SQLite3Parser resulting in a denial of service↗2018-12-22

▶

Debian

CVE-2018-17197: tika - A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache ...↗2018

▶

Apache

Apache tika: CVE-2018-17197↗

▶

💬Community

Bugzilla

CVE-2018-17197 tika: Infinite loop in SQLite3Parser resulting in a denial of service↗2019-01-07

▶

Bugzilla

CVE-2018-17197 tika: Infinite loop in SQLite3Parser resulting in a denial of service [fedora-all]↗2019-01-07

▶