CVE-2021-28657

CVSS v3.1 5.5 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.08% (35th)
Affected Products 5
Advisories 3

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Weaknesses: CWE-835, Loop with Unreachable Exit Condition ('Infinite Loop')
CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-03-31 08:15:11 (3 years ago)
Updated Date: 2023-11-07 03:32:17 (10 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Apache Tika 1.25 and prior versions | cpe:2.3:a:apache:tika | | <= 1.25

Configuration #2

  Product | CPE23 | From | Up To
  Oracle Healthcare Foundation 7.3.0 | cpe:2.3:a:oracle:healthcare_foundation:7.3.0 | |
  Oracle Healthcare Foundation 8.0.0 | cpe:2.3:a:oracle:healthcare_foundation:8.0.0 | |
  Oracle Healthcare Foundation 8.1.0 | cpe:2.3:a:oracle:healthcare_foundation:8.1.0 | |
  Oracle Primavera Unifier from 17.7 version and 17.12 and prior versions | cpe:2.3:a:oracle:primavera_unifier | >= 17.7 | <= 17.12
  Oracle Primavera Unifier 18.8 | cpe:2.3:a:oracle:primavera_unifier:18.8 | |
  Oracle Primavera Unifier 19.12 | cpe:2.3:a:oracle:primavera_unifier:19.12 | |
  Oracle Primavera Unifier 20.12 | cpe:2.3:a:oracle:primavera_unifier:20.12 | |
  Oracle Webcenter Portal 12.2.1.3.0 | cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0 | |
  Oracle Webcenter Portal 12.2.1.4.0 | cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0 | |
  Oracle Communications Messaging Server 8.1 | cpe:2.3:o:oracle:communications_messaging_server:8.1 | |