CVE-2021-28657

Published: Mar 31, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Affected (11)

Products: Apache: Tika · Oracle: Communications Messaging Server, Healthcare Foundation, Primavera Unifier, Webcenter Portal

1 product

4 products

Communications Messaging Server

Healthcare Foundation

Primavera Unifier

Webcenter Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Tika	Up to 1.25

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Messaging Server	Version 8.1
Oracle Healthcare Foundation	Version 7.3.0
Oracle Healthcare Foundation	Version 8.0.0
Oracle Healthcare Foundation	Version 8.1.0
Oracle Primavera Unifier	From 17.7 to 17.12
Oracle Primavera Unifier	Version 18.8
Oracle Primavera Unifier	Version 19.12
Oracle Primavera Unifier	Version 20.12
Oracle Webcenter Portal	Version 12.2.1.3.0
Oracle Webcenter Portal	Version 12.2.1.4.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://security.netapp.com/advisory/ntap-20210507-0004/

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: security@apache.org

PatchThird Party Advisory

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://security.netapp.com/advisory/ntap-20210507-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.