Vulnerabilites related to Apache - Apache Tika
cve-2019-10088
Vulnerability from cvelistv5
Published
2019-08-02 18:53
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08%40%3Cdev.tika.apache.org%3E | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20190828-0004/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tika |
Version: 1.7 to 1.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:10:09.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Tika", vendor: "Apache", versions: [ { status: "affected", version: "1.7 to 1.21", }, ], }, ], datePublic: "2019-08-02T00:00:00", descriptions: [ { lang: "en", value: "A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.", }, ], problemTypes: [ { descriptions: [ { description: "DoS/OOM", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T21:06:49", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-10088", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tika", version: { version_data: [ { version_value: "1.7 to 1.21", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DoS/OOM", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", refsource: "CONFIRM", url: "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20190828-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-10088", datePublished: "2019-08-02T18:53:19", dateReserved: "2019-03-26T00:00:00", dateUpdated: "2024-08-04T22:10:09.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1950
Vulnerability from cvelistv5
Published
2020-03-23 13:21
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4564-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tika |
Version: Apache Tika 1.0-1.23 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:54:00.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200328 [SECURITY] [DLA 2161-1] tika security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E", }, { name: "USN-4564-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4564-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Tika", vendor: "Apache", versions: [ { status: "affected", version: "Apache Tika 1.0-1.23", }, ], }, ], datePublic: "2020-03-18T00:00:00", descriptions: [ { lang: "en", value: "A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.", }, ], problemTypes: [ { descriptions: [ { description: "Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:15:04", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[debian-lts-announce] 20200328 [SECURITY] [DLA 2161-1] tika security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E", }, { name: "USN-4564-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4564-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-1950", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tika", version: { version_data: [ { version_value: "Apache Tika 1.0-1.23", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200328 [SECURITY] [DLA 2161-1] tika security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E", refsource: "CONFIRM", url: "https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E", }, { name: "USN-4564-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4564-1/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-1950", datePublished: "2020-03-23T13:21:52", dateReserved: "2019-12-02T00:00:00", dateUpdated: "2024-08-04T06:54:00.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10093
Vulnerability from cvelistv5
Published
2019-08-02 18:32
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21%40%3Cdev.tika.apache.org%3E | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20190828-0004/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tika |
Version: 1.19 to 1.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:10:09.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Tika", vendor: "Apache", versions: [ { status: "affected", version: "1.19 to 1.21", }, ], }, ], datePublic: "2019-08-02T00:00:00", descriptions: [ { lang: "en", value: "In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.", }, ], problemTypes: [ { descriptions: [ { description: "DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T21:06:49", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-10093", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tika", version: { version_data: [ { version_value: "1.19 to 1.21", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DoS", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", refsource: "CONFIRM", url: "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20190828-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190828-0004/", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-10093", datePublished: "2019-08-02T18:32:41", dateReserved: "2019-03-26T00:00:00", dateUpdated: "2024-08-04T22:10:09.762Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10094
Vulnerability from cvelistv5
Published
2019-08-02 18:37
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61%40%3Cdev.tika.apache.org%3E | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tika |
Version: 1.7 to 1.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:10:09.434Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Tika", vendor: "Apache", versions: [ { status: "affected", version: "1.7 to 1.21", }, ], }, ], datePublic: "2019-08-02T00:00:00", descriptions: [ { lang: "en", value: "A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.", }, ], problemTypes: [ { descriptions: [ { description: "DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T21:06:49", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-10094", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tika", version: { version_data: [ { version_value: "1.7 to 1.21", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DoS", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", refsource: "CONFIRM", url: "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", refsource: "MLIST", url: "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-10094", datePublished: "2019-08-02T18:37:52", dateReserved: "2019-03-26T00:00:00", dateUpdated: "2024-08-04T22:10:09.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }