Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 9.0.0 | 9.0.0 |
Tomcat | Apache | 8.0.0 | 8.0.0 |
Tomcat | Apache | 8.0.0 | 8.0.51 |
Tomcat | Apache | 8.5.0 | 8.5.30 |
Tomcat | Apache | 9.0.1 | 9.0.7 |
Tomcat | Apache | 7.0.28 | 7.0.86 |