CVE-2022-41404 — Uncontrolled Resource Consumption in Project Ini4j

CWE-400 — Uncontrolled Resource Consumption CWE-674 — Uncontrolled Recursion6 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ini4j Project Ini4j Debian Ini4j Debian Linux

Timeline

PublishedOct 11

Latest updateOct 12

Description

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/ini4j< ini4j 0.5.4-1 (bookworm)

▶NVDini4j_project/ini4j< 0.5.4

▶Debianini4j_project/ini4j< 0.5.4-1+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

org.ini4j allows attackers to cause a Denial of Service (DoS)↗2022-10-12

▶

GHSA

org.ini4j allows attackers to cause a Denial of Service (DoS)↗2022-10-12

▶

OSV

CVE-2022-41404: An issue in the fetch() method in the BasicProfile class of org↗2022-10-11

▶

📋Vendor Advisories

Red Hat

org.ini4j: unspecified DoS↗2022-10-12

▶

Debian

CVE-2022-41404: ini4j - An issue in the fetch() method in the BasicProfile class of org.ini4j through ve...↗2022

▶