CVE Vulnerabilities

CVE-2018-1336

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Aug 02, 2018 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 9.0.0 9.0.0
Tomcat Apache 8.0.0 8.0.51
Tomcat Apache 8.5.0 8.5.30
Tomcat Apache 9.0.1 9.0.7
Tomcat Apache 7.0.28 7.0.86

References