GHSA-475f-74wp-pqv5

Source

https://github.com/advisories/GHSA-475f-74wp-pqv5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-475f-74wp-pqv5

Aliases

CVE-2014-0075

Published

2022-05-14T01:10:19Z

Modified

2025-04-14T22:11:38.484939Z

Summary

Integer Overflow or Wraparound in Apache Tomcat

Details

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "cwe_ids": [
        "CWE-190",
        "CWE-400"
    ],
    "github_reviewed_at": "2022-07-07T22:54:51Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.40

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.53

Affected versions

7.*

7.0.35

7.0.37

7.0.39

7.0.40

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.4

Affected versions

8.*

8.0.1

8.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"

org.apache.tomcat:tomcat-coyote

Package

Name: org.apache.tomcat:tomcat-coyote; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-coyote

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.40

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"

org.apache.tomcat:tomcat-coyote

Package

Name: org.apache.tomcat:tomcat-coyote; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-coyote

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.53

Affected versions

7.*

7.0.0

7.0.2

7.0.4

7.0.5

7.0.6

7.0.8

7.0.11

7.0.12

7.0.14

7.0.16

7.0.19

7.0.20

7.0.21

7.0.22

7.0.23

7.0.25

7.0.26

7.0.27

7.0.28

7.0.29

7.0.30

7.0.32

7.0.33

7.0.34

7.0.35

7.0.37

7.0.39

7.0.40

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"

org.apache.tomcat:tomcat-coyote

Package

Name: org.apache.tomcat:tomcat-coyote; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-coyote

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.4

Affected versions

8.*

8.0.1

8.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-475f-74wp-pqv5/GHSA-475f-74wp-pqv5.json"