CVE-2019-10088

Severity: 8.8 HIGH
EPSS: 1.0% (top 22.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 2; latest update Apr 15

Description

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

Maven | org.apache.tika:tika-core | 1.7 | 1.22
NVD | apache/tika | 1.7 | 1.21
CVEListV5 | apache/apache_tika | 1.7 to 1.21
Debian | tika | < 1.22-1

Vulnerability Details (4)

GHSA: Allocation of Resources Without Limits or Throttling in Apache Tika (2019-08-06)
OSV: Allocation of Resources Without Limits or Throttling in Apache Tika (2019-08-06)
OSV: CVE-2019-10088: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1... (2019-08-02)
CVEList: CVE-2019-10088: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1... (2019-08-02)

Vendor Advisories (4)

Oracle: Oracle Communications Applications Risk Matrix: Security (Tika) — CVE-2019-10088 (2020-04-15)
Oracle: Oracle Construction and Engineering Risk Matrix: Core (Apache Tika) — CVE-2019-10088 (2020-01-15)
Debian: CVE-2019-10088: tika - A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's Recurs... (2019)
Apache: Apache tika: CVE-2019-10088

Community (2)

Bugzilla: CVE-2019-10088 tika: a carefully crafted or corrupt zip file can cause an OOM (2019-12-02)
Bugzilla: CVE-2019-10088 tika: a carefully crafted or corrupt zip file can cause an OOM [fedora-all] (2019-12-02)