PT-2026-27261 · Unknown+1 · Active Support+1

Jhawthorn · Published 2026-03-23 · Updated 2026-05-06 · CVE-2026-33176

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Active Support versions prior to 8.1.2.1
Active Support versions prior to 8.0.4.1
Active Support versions prior to 7.2.3.1

Description

Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept strings containing scientific notation, such as 1e10000, which are expanded into extremely large decimal representations by BigDecimal. This expansion can lead to excessive memory allocation and CPU usage during formatting, potentially causing a DoS.

Recommendations

Update to Active Support version 8.1.2.1 or later.
Update to Active Support version 8.0.4.1 or later.
Update to Active Support version 7.2.3.1 or later.
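
Where user-supplied strings reach the number helpers, a pre-validation step can bound how many digits a value would occupy once written out in plain decimal, working from the text alone so nothing is expanded. The following is an added example, not Active Support code and not the upstream fix; the function names, the simplified number grammar and the 40-digit cap are assumptions chosen for illustration.

```ruby
# Added example, not Active Support code. Names and limits are assumptions.
# Simplified grammar: sign, integer digits, optional fraction, optional exponent.
NUMERIC_RE = /\A[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d+))?\z/

MAX_EXPANDED_DIGITS = 40  # assumed policy limit for user-supplied numbers
MAX_EXPONENT_CHARS  = 7   # assumed: longer exponents are treated as over the limit

# Upper bound on the digits needed to write +str+ in plain decimal notation,
# computed from the text alone so the value is never expanded.
# Returns nil when the string is not a number in the grammar above.
def expanded_digit_count(str)
  m = NUMERIC_RE.match(str.to_s.strip)
  return nil unless m

  int_part  = m[1].to_s
  frac_part = m[2].to_s
  return nil if int_part.empty? && frac_part.empty?

  exp_text = m[3] || "0"
  return Float::INFINITY if exp_text.sub(/\A[+-]/, "").length > MAX_EXPONENT_CHARS
  exp = exp_text.to_i

  int_digits = int_part.sub(/\A0+/, "").length
  # A positive exponent moves the point right (more integer digits),
  # a negative one moves it left (more fractional digits).
  int_len  = [int_digits + exp, 1].max
  frac_len = [frac_part.length - exp, 0].max
  int_len + frac_len
end

# True only for numeric strings whose plain-decimal form stays within the cap.
# Non-numeric input is rejected (fail closed).
def safe_number_string?(str, max_digits = MAX_EXPANDED_DIGITS)
  count = expanded_digit_count(str)
  !count.nil? && count <= max_digits
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["12345.678", "1.5e3", "1e10000", "1e-10000", "abc"].each do |s|
    puts format("%-10s digits<=%s safe=%s", s,
                expanded_digit_count(s).inspect, safe_number_string?(s))
  end
end
```

A check like this complements the upgrade to a fixed version and does not replace it.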

Exploit

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

BDU:2026-07237
CVE-2026-33176
GHSA-2J26-FRM8-CMJ9
RHSA-2026:14835
RHSA-2026:14873
RHSA-2026:14874

Affected Products

Active Support
Red Os