CVE-2018-8015

Published: May 18, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.

Affected (1)

Products: Apache: Orc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Orc	After 1.0.0 to 1.4.3

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (4)

http://www.securityfocus.com/bid/104215

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://orc.apache.org/security/CVE-2018-8015/

Source: security@apache.org

Vendor Advisory

http://www.securityfocus.com/bid/104215

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://orc.apache.org/security/CVE-2018-8015/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.