https://bz.apache.org/bugzilla/show_bug.cgi?id=66151
Bug ID: 66151
Summary: Fix For CVE-2022-26336
Product: POI
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: HMEF
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
In the poi-ooxml-schemas 4.1.2 jar, a CVE is identified by the CVE Tracker tool
https://owasp.org/www-project-dependency-check/
The CVE description is as below:
CVE-2022-26336
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an
attacker to cause an Out of Memory exception. This package is used to read TNEF
files (Microsoft Outlook and Microsoft Exchange Server). If an application uses
poi-scratchpad to parse TNEF files and the application allows untrusted users
to supply them, then a carefully crafted file can cause an Out of Memory
exception. This issue affects poi-scratchpad version 5.2.0 and prior versions.
Users are recommended to upgrade to poi-scratchpad 5.2.1.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
Base Score: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
CONFIRM - N/A