CVE-2023-34150 - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Any23

Configuration 1 [-]

cpe:2.3:a:apache:any23:*:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/713tk23khbtbg940pb2ql8ggd4cvh6j1	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-07-05T07:28:35.592Z

Updated: 2024-06-04T17:21:04.805Z

Reserved: 2023-05-28T15:27:56.797Z

Link: CVE-2023-34150

JSON object: View

NVD Information

Status : Modified

Published: 2023-07-05T08:15:09.143

Modified: 2024-06-04T19:17:29.713

Link: CVE-2023-34150

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34150", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-05-28T15:27:56.797Z", "datePublished": "2023-07-05T07:28:35.592Z", "dateUpdated": "2024-06-04T17:21:04.805Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache Any23", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Liran Mendelovich"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">** UNSUPPORTED WHEN ASSIGNED ** </span>Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage."}], "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-07-14T08:51:48.453Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/713tk23khbtbg940pb2ql8ggd4cvh6j1"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Apache Any23: Possible excessive allocation of resources reading input.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-30T17:23:32.772584Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:04.805Z"}}]}}