CVE Vulnerabilities

CVE-2021-28657

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Mar 31, 2021 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

A carefully crafted or corrupt file may trigger an infinite loop in Tikas MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Tika Apache * 1.25

References