A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E | |
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E | Mailing List Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210507-0004/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 May 2022, 15:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* |
|
First Time |
Oracle webcenter Portal
|
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2021, 20:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:8.0.0:*:*:*:*:*:*:* |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jun 2021, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E - Mailing List, Third Party Advisory |
02 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Apr 2021, 17:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.5 |
References | (MISC) https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E - Mailing List, Vendor Advisory | |
CWE | CWE-835 | |
CPE | cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* |
31 Mar 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-31 08:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-28657
Mitre link : CVE-2021-28657
CVE.ORG link : CVE-2021-28657
JSON object : View
Products Affected
oracle
- healthcare_foundation
- primavera_unifier
- webcenter_portal
- communications_messaging_server
apache
- tika
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')