CVE-2024-29131
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
Vulnerabilidad de escritura fuera de los límites en la configuración de Apache Commons. Este problema afecta a la configuración de Apache Commons: desde 2.0 antes de 2.10.1. Se recomienda a los usuarios actualizar a la versión 2.10.1, que soluciona el problema.
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-03-16 CVE Reserved
- 2024-03-21 CVE Published
- 2024-03-30 EPSS Updated
- 2024-08-28 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 | 2024-05-01 | |
https://access.redhat.com/security/cve/CVE-2024-29131 | 2024-06-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2270674 | 2024-06-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Commons Configuration Search vendor "Apache Software Foundation" for product "Apache Commons Configuration" | >= 2.0.0 < 2.10.1 Search vendor "Apache Software Foundation" for product "Apache Commons Configuration" and version " >= 2.0.0 < 2.10.1" | en |
Affected
|