CVE-2019-10094

CWE-770 — Allocation without Limits9 documents7 sources

Severity

7.8HIGH

EPSS

0.6%

top 31.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tika Apache Apache Tika

Timeline

PublishedAug 2

Latest updateDec 2

Description

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶Mavenorg.apache.tika:tika-core1.7 — 1.22

▶NVDapache/tika1.7 — 1.21

▶CVEListV5apache/apache_tika1.7 to 1.21

▶Debiantika< 1.22-1

🔴Vulnerability Details

OSV

Allocation of Resources Without Limits or Throttling in Apache Tika↗2019-08-06

▶

GHSA

Allocation of Resources Without Limits or Throttling in Apache Tika↗2019-08-06

▶

CVEList

CVE-2019-10094: A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tik↗2019-08-02

▶

OSV

CVE-2019-10094: A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tik↗2019-08-02

▶

📋Vendor Advisories

Debian

CVE-2019-10094: tika - A carefully crafted package/compressed file that, when unzipped/uncompressed yie...↗2019

▶

Apache

Apache tika: CVE-2019-10094↗

▶

💬Community

Bugzilla

CVE-2019-10094 tika: crafted package/compressed file can cause a StackOverflowError in RecursiveParserWrapper↗2019-12-02

▶

Bugzilla

CVE-2019-10094 tika: crafted package/compressed file can cause a StackOverflowError in RecursiveParserWrapper [fedora-all]↗2019-12-02

▶