PT-2018-18380 · Apache · Apache Orc

Terry Chia

Published

2018-05-18

Updated

2022-05-13

CVE-2018-8015

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache ORC versions 1.0.0 through 1.4.3

Description: A malformed ORC file can cause an endlessly recursive function call in the C++ or Java parser, potentially leading to a denial-of-service against software that uses the ORC file parser. The C++ parser may also experience a stack overflow, which could corrupt the stack.

Recommendations: For Apache ORC versions 1.0.0 through 1.4.3, consider updating to a version that fixes this issue to prevent denial-of-service attacks and potential stack corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2018-8015

GHSA-MQMP-4MCP-VG8V

Affected Products

Apache Orc

PT-2018-18380 · Apache · Apache Orc

CVE-2018-8015

Weakness Enumeration

Related Identifiers

Affected Products

References · 10