OSV-2023-1266

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-poi/OSV-2023-1266.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1266

Published

2023-12-08T00:10:39.042967Z

Modified

2023-12-08T00:10:39.043541Z

Summary

Security exception in java.base/javax.crypto.spec.SecretKeySpec.<init>

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64768

Crash type: Security exception
Crash state:
java.base/javax.crypto.spec.SecretKeySpec.<init>
org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock
org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64768

Affected packages

OSS-Fuzz / apache-poi

Package

Name: apache-poi
Purl: pkg:generic/apache-poi

Affected ranges

Type: GIT
Repo: https://github.com/apache/poi.git
Events: Introduced

3f317f5b32db4462aa2e9b0e54bf07399ead71c1

Fixed

ecc42ac4f25da02b571ab1d29e15f7b3c911447a

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "introduced_range": "5b246ca08035a9343f1a1525b53149947be8e554:6e3d031e80d83bc914299a1cc992594f5800595a"
}