CVE-2024-29131

CWE-787Out-of-bounds Write10 documents8 sources
Severity
7.3HIGH
EPSS
0.2%
top 51.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apache Software Foundation Apache Commons ConfigurationApache Commons ConfigurationFedoraproject Fedora+1 more
Timeline
PublishedMar 21
Latest updateJan 15

Description

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

NVDapache/commons_configuration2.02.10.1
Debiancommons-configuration2< 2.10.1-1+1

Also affects: Ontap Tools 10, Fedora 39, 40

🔴Vulnerability Details

4
OSV
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()2024-03-21
CVEList
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()2024-03-21
OSV
CVE-2024-29131: Out-of-bounds Write vulnerability in Apache Commons Configuration2024-03-21
GHSA
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()2024-03-21

📋Vendor Advisories

5
Oracle
Oracle Oracle Analytics Risk Matrix: Platform Security (Apache Commons Configuration) — CVE-2024-291312025-01-15
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Apache Commons Configuration) — CVE-2024-291312024-10-15
Red Hat
commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()2024-03-20
Debian
CVE-2024-29131: commons-configuration2 - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue aff...2024
Atlassian
CVE-2024-29131: DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server