CVE-2021-31812

Published: Jun 12, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

Affected (14)

Products: Apache: Pdfbox · Fedoraproject: Fedora · Oracle: Banking Corporate Lending Process Management, Banking Credit Facilities Process Management, Banking Supply Chain Finance, Communications Messaging Server, Retail Customer Management And Segmentation Foundation

1 product

1 product

5 products

Banking Corporate Lending Process Management

Banking Credit Facilities Process Management

Banking Supply Chain Finance

Communications Messaging Server

Retail Customer Management And Segmentation Foundation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Pdfbox	From 2.0.0 to 2.0.23

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Oracle Banking Corporate Lending Process Management	Version 14.2.0
Oracle Banking Corporate Lending Process Management	Version 14.3.0
Oracle Banking Corporate Lending Process Management	Version 14.5.0
Oracle Banking Credit Facilities Process Management	Version 14.2.0
Oracle Banking Credit Facilities Process Management	Version 14.3.0
Oracle Banking Credit Facilities Process Management	Version 14.5.0
Oracle Banking Supply Chain Finance	Version 14.2.0
Oracle Banking Supply Chain Finance	Version 14.3.0
Oracle Banking Supply Chain Finance	Version 14.5.0
Oracle Communications Messaging Server	Version 8.1
Oracle Retail Customer Management And Segmentation Foundation	Version 18.1

Related CWEs

Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (34)

http://www.openwall.com/lists/oss-security/2021/06/12/1

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/rd4b6db6c3b8ab3c70f1c3bbd725a40920896453ffc2744ade6afd9fb%40%3Cnotifications.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/re0cacd3fb337cdf8469853913ed2b4ddd8f8bfc52ff0ddbe61c1dfba%40%3Ccommits.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rf251f6c358087107f8c23473468b279d59d50a75db6b4768165c78d3%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rfe26bcaba564deb505c32711ba68df7ec589797dcd96ff3389a8aaba%40%3Cnotifications.ofbiz.apache.org%3E

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HHWJRFXZ3PTKLJCOM7WJEYZFKFWMNSV/

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDJKJQOMVFDFIDS27OQJXNOYHV2O273D/

Source: security@apache.org

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: security@apache.org

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: security@apache.org

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/12/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/rd4b6db6c3b8ab3c70f1c3bbd725a40920896453ffc2744ade6afd9fb%40%3Cnotifications.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/re0cacd3fb337cdf8469853913ed2b4ddd8f8bfc52ff0ddbe61c1dfba%40%3Ccommits.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf251f6c358087107f8c23473468b279d59d50a75db6b4768165c78d3%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rfe26bcaba564deb505c32711ba68df7ec589797dcd96ff3389a8aaba%40%3Cnotifications.ofbiz.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HHWJRFXZ3PTKLJCOM7WJEYZFKFWMNSV/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDJKJQOMVFDFIDS27OQJXNOYHV2O273D/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.