CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
History
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 May 2022, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* |
First Time | Oracle webcenter Sites |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
19 Apr 2022, 15:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/apereo/cas/pull/4685 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101f - Patch, Third Party Advisory | |
References | (MISC) https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45 - Patch, Third Party Advisory |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 Dec 2021, 20:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 May 2021, 13:39
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory |
26 Apr 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-01-24 15:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-7226
Mitre link : CVE-2020-7226
CVE.ORG link : CVE-2020-7226
Products Affected
oracle
- weblogic_server
- communications_services_gatekeeper
- webcenter_sites
vt
- cryptacular
CWE
CWE-770
Allocation of Resources Without Limits or Throttling