GHSA-475f-74wp-pqv5

Source

https://github.com/advisories/GHSA-475f-74wp-pqv5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-475f-74wp-pqv5

Aliases

CVE-2014-0075

Published

2022-05-14T01:10:19Z

Modified

2024-11-28T05:36:12.436553Z

Summary

Integer Overflow or Wraparound in Apache Tomcat

Details

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Database specific

{
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "cwe_ids": [
        "CWE-190",
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:54:51Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.40

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.53

Affected versions

7.*

7.0.35

7.0.37

7.0.39

7.0.40

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.4

Affected versions

8.*

8.0.1

8.0.3