6 vulnerabilities found for orc by apache
FKIE_CVE-2025-47436
Vulnerability from fkie_nvd - Published: 2025-05-14 14:15 - Updated: 2025-07-14 14:55
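Severity
- 9.8 CRITICAL (CVSS 3.1, nvd@nist.gov, Primary): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- 6.0 MEDIUM (CVSS 4.0, security@apache.org, Secondary): attack vector LOCAL, privileges required HIGH, user interaction ACTIVE
The NVD score assumes a network-reachable, unauthenticated attack, while the Apache (CNA) score assumes local access, high privileges and user interaction; which one applies depends on how untrusted ORC files reach the C++ reader in a given deployment.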
Summary
Heap-based Buffer Overflow vulnerability in Apache ORC.
A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. This causes memory corruption.
This issue affects the Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.
Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, or 2.1.2, which fix the issue.
References
| Source | URL | Tags |
|---|---|---|
| security@apache.org | https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn | Mailing List, Vendor Advisory |
| security@apache.org | https://orc.apache.org/security/CVE-2025-47436/ | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/05/13/4 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE62FF1F-4F28-4FBF-93B2-76E0A6B88894",
"versionEndExcluding": "1.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "463A880A-5E0D-4053-A5B2-CA8A4D017884",
"versionEndExcluding": "1.9.6",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C43D654F-8615-475C-B189-BEE6A6125C9A",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EC5BDD-B101-47E3-BABD-81543F6405D3",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow vulnerability in Apache ORC.\n\nA vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to\u00a0allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.\n\nThis issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.\n\nUsers are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00f3n en Apache ORC. Se ha identificado una vulnerabilidad en la l\u00f3gica de descompresi\u00f3n LZO de ORC C++. Archivos ORC malformados, especialmente manipulados, pueden provocar que el descompresor asigne un b\u00fafer de 250 bytes, pero luego intente copiar 295 bytes en \u00e9l. Esto causa corrupci\u00f3n de memoria. Este problema afecta a la librer\u00eda Apache ORC C++: hasta la versi\u00f3n 1.8.8, de la 1.9.0 a la 1.9.5, de la 2.0.0 a la 2.0.4 y de la 2.1.0 a la 2.1.1. Se recomienda a los usuarios actualizar a las versiones 1.8.9, 1.9.6, 2.0.5 y 2.1.2, que solucionan el problema."
}
],
"id": "CVE-2025-47436",
"lastModified": "2025-07-14T14:55:25.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2025-05-14T14:15:30.703",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://orc.apache.org/security/CVE-2025-47436/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/05/13/4"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-8015
Vulnerability from fkie_nvd - Published: 2018-05-18 17:29 - Updated: 2024-11-21 04:13
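Severity
- 7.5 HIGH (CVSS 3.0, nvd@nist.gov, Primary): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- 5.0 MEDIUM (CVSS 2.0, nvd@nist.gov, Primary): AV:N/AC:L/Au:N/C:N/I:N/A:P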
Summary
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
References
| Source | URL | Tags |
|---|---|---|
| security@apache.org | http://www.securityfocus.com/bid/104215 | Third Party Advisory, VDB Entry |
| security@apache.org | https://orc.apache.org/security/CVE-2018-8015/ | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104215 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://orc.apache.org/security/CVE-2018-8015/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428A2534-6C8A-4C8F-B141-D21D242752CE",
"versionEndIncluding": "1.4.3",
"versionStartExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
},
{
"lang": "es",
"value": "En Apache ORC, de la versi\u00f3n 1.0.0 a la 1.4.3, un archivo ORC mal formado puede desencadenar una llamada de funci\u00f3n recursiva infinita en el analizador C++ o Java. El impacto de este error es, probablemente, una denegaci\u00f3n de servicio (DoS) contra el software que emplea el analizador de archivos ORC. Con el analizador C++, el desbordamiento de pila podr\u00eda corromper la pila."
}
],
"id": "CVE-2018-8015",
"lastModified": "2024-11-21T04:13:06.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-18T17:29:00.353",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104215"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-47436 (GCVE-0-2025-47436)
Vulnerability from cvelistv5 – Published: 2025-05-14 13:11 – Updated: 2025-05-14 20:58
Title
Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Summary
Heap-based Buffer Overflow vulnerability in Apache ORC.
A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. This causes memory corruption.
This issue affects the Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.
Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, or 2.1.2, which fix the issue.
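Severity
- 6.0 MEDIUM (CVSS 4.0, assigned by the CNA, apache): CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/RE:M/U:Amber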
CWE
- CWE-122 - Heap-based Buffer Overflow
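Assigner
apache
References
| URL | Tags |
|---|---|
| https://orc.apache.org/security/CVE-2025-47436/ | vendor-advisory |
| https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn | mailing-list |
| http://www.openwall.com/lists/oss-security/2025/05/13/4 | (none; added by the CVE Program Container) |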
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache ORC | Affected: 0 , ≤ 1.8.8 (semver); Affected: 1.9.0 , ≤ 1.9.5 (semver); Affected: 2.0.0 , ≤ 2.0.4 (semver); Affected: 2.1.0 , ≤ 2.1.1 (semver) |
Credits
Jason Villaluna
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-14T13:12:15.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/13/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:57:53.341189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:58:23.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache ORC",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.9.5",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jason Villaluna"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHeap-based Buffer Overflow vulnerability in Apache ORC.\u003c/p\u003e\u003cp\u003eA vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in Apache ORC.\n\nA vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to\u00a0allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.\n\nThis issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.\n\nUsers are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T13:11:36.329Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://orc.apache.org/security/CVE-2025-47436/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn"
}
],
"source": {
"defect": [
"ORC-1879"
],
"discovery": "EXTERNAL"
},
"title": "Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47436",
"datePublished": "2025-05-14T13:11:36.329Z",
"dateReserved": "2025-05-07T05:04:56.166Z",
"dateUpdated": "2025-05-14T20:58:23.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8015 (GCVE-0-2018-8015)
Vulnerability from cvelistv5 – Published: 2018-05-18 17:00 – Updated: 2024-09-16 18:44
Summary
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
Severity ?
No CVSS data available.
CWE
- Denial of Service
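Assigner
apache
References
| URL | Tags |
|---|---|
| https://orc.apache.org/security/CVE-2018-8015/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/104215 | vdb-entry, x_refsource_BID |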
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache ORC | Affected: 1.0.0 to 1.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ORC",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.4.3"
}
]
}
],
"datePublic": "2018-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-05-17T00:00:00",
"ID": "CVE-2018-8015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ORC",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.4.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://orc.apache.org/security/CVE-2018-8015/",
"refsource": "CONFIRM",
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8015",
"datePublished": "2018-05-18T17:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-16T18:44:19.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47436 (GCVE-0-2025-47436)
Vulnerability from nvd – Published: 2025-05-14 13:11 – Updated: 2025-05-14 20:58
Title
Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Summary
Heap-based Buffer Overflow vulnerability in Apache ORC.
A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. This causes memory corruption.
This issue affects the Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.
Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, or 2.1.2, which fix the issue.
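Severity
- 6.0 MEDIUM (CVSS 4.0, assigned by the CNA, apache): CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/RE:M/U:Amber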
CWE
- CWE-122 - Heap-based Buffer Overflow
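Assigner
apache
References
| URL | Tags |
|---|---|
| https://orc.apache.org/security/CVE-2025-47436/ | vendor-advisory |
| https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn | mailing-list |
| http://www.openwall.com/lists/oss-security/2025/05/13/4 | (none; added by the CVE Program Container) |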
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache ORC | Affected: 0 , ≤ 1.8.8 (semver); Affected: 1.9.0 , ≤ 1.9.5 (semver); Affected: 2.0.0 , ≤ 2.0.4 (semver); Affected: 2.1.0 , ≤ 2.1.1 (semver) |
Credits
Jason Villaluna
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-14T13:12:15.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/13/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:57:53.341189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:58:23.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache ORC",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.9.5",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jason Villaluna"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHeap-based Buffer Overflow vulnerability in Apache ORC.\u003c/p\u003e\u003cp\u003eA vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in Apache ORC.\n\nA vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to\u00a0allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.\n\nThis issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.\n\nUsers are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T13:11:36.329Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://orc.apache.org/security/CVE-2025-47436/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn"
}
],
"source": {
"defect": [
"ORC-1879"
],
"discovery": "EXTERNAL"
},
"title": "Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47436",
"datePublished": "2025-05-14T13:11:36.329Z",
"dateReserved": "2025-05-07T05:04:56.166Z",
"dateUpdated": "2025-05-14T20:58:23.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8015 (GCVE-0-2018-8015)
Vulnerability from nvd – Published: 2018-05-18 17:00 – Updated: 2024-09-16 18:44
Summary
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
Severity ?
No CVSS data available.
CWE
- Denial of Service
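Assigner
apache
References
| URL | Tags |
|---|---|
| https://orc.apache.org/security/CVE-2018-8015/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/104215 | vdb-entry, x_refsource_BID |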
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache ORC | Affected: 1.0.0 to 1.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ORC",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.4.3"
}
]
}
],
"datePublic": "2018-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-05-17T00:00:00",
"ID": "CVE-2018-8015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ORC",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.4.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://orc.apache.org/security/CVE-2018-8015/",
"refsource": "CONFIRM",
"url": "https://orc.apache.org/security/CVE-2018-8015/"
},
{
"name": "104215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8015",
"datePublished": "2018-05-18T17:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-16T18:44:19.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}