CVE-2024-29133

CWE-787Out-of-bounds Write11 documents8 sources
Severity
5.4MEDIUM
EPSS
1.0%
top 23.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache Software Foundation Apache Commons ConfigurationApache Commons ConfigurationFedoraproject Fedora
Timeline
PublishedMar 21
Latest updateJan 15

Description

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

NVDapache/commons_configuration2.02.10.1
Debiancommons-configuration2< 2.10.1-1+1

Also affects: Fedora 39, 40

🔴Vulnerability Details

4
CVEList
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree2024-03-21
GHSA
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree2024-03-21
OSV
CVE-2024-29133: Out-of-bounds Write vulnerability in Apache Commons Configuration2024-03-21
OSV
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree2024-03-21

📋Vendor Advisories

6
Oracle
Oracle Oracle Communications Applications Risk Matrix: Microservices (Apache Commons Configuration) — CVE-2024-291332025-01-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (Apache Commons Configuration) — CVE-2024-291332024-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (Apache Commons Configuration) — CVE-2024-291332024-07-15
Red Hat
commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree2024-03-20
Debian
CVE-2024-29133: commons-configuration2 - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue aff...2024