CVE Vulnerabilities

CVE-2018-1339

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Apr 25, 2018 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tikas ChmParser in versions of Apache Tika before 1.18.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Tika Apache * 1.18 (excluding)
Red Hat JBoss Fuse 7 RedHat camel-tika *
Tika Ubuntu artful *
Tika Ubuntu bionic *
Tika Ubuntu cosmic *
Tika Ubuntu disco *
Tika Ubuntu eoan *
Tika Ubuntu groovy *
Tika Ubuntu hirsute *
Tika Ubuntu impish *
Tika Ubuntu kinetic *
Tika Ubuntu lunar *
Tika Ubuntu mantic *
Tika Ubuntu xenial *

References