https://bugzilla.redhat.com/show_bug.cgi?id=1607591
Bug ID: 1607591
Summary: CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can
lead to DoS
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
Flaw affecting tomcat 8.0.0.RC1 to 8.0.51 and 9.0.0.M1 to 9.0.7. Improper
handling of overflow in the UTF-8 decoder with supplementary characters can lead
to an infinite loop in the decoder, causing a Denial of Service.
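To make the failure class concrete, here is an added illustration (not Tomcat's code) of a bounded UTF-8 to UTF-16 decoder: a supplementary character occupies two output code units, so when only one slot remains the decoder must report overflow without consuming input, and the driver loop must detect a decoder that makes no progress instead of spinning. Function names, status constants and sample inputs are constructed for this example.

```python
OVERFLOW, UNDERFLOW = "OVERFLOW", "UNDERFLOW"

def utf8_to_utf16(src: bytes, pos: int, out: list, capacity: int):
    """Decode src[pos:] into out (UTF-16 code units) until the input is
    exhausted (UNDERFLOW) or out is full (OVERFLOW). Returns (status, pos).
    Input is consumed only after the whole code point has been written,
    so the caller either sees progress or a buffer it can drain."""
    while pos < len(src):
        b0 = src[pos]
        if b0 < 0x80:
            n, cp = 1, b0
        elif 0xC2 <= b0 <= 0xDF:
            n, cp = 2, b0 & 0x1F
        elif 0xE0 <= b0 <= 0xEF:
            n, cp = 3, b0 & 0x0F
        elif 0xF0 <= b0 <= 0xF4:
            n, cp = 4, b0 & 0x07
        else:
            raise ValueError(f"invalid lead byte 0x{b0:02x} at {pos}")
        if pos + n > len(src):
            return UNDERFLOW, pos  # incomplete sequence: wait for more input
        for b in src[pos + 1:pos + n]:
            if b & 0xC0 != 0x80:
                raise ValueError(f"invalid continuation byte at {pos}")
            cp = (cp << 6) | (b & 0x3F)
        # Supplementary code points (> U+FFFF) need a surrogate pair: 2 units.
        needed = 2 if cp > 0xFFFF else 1
        if capacity - len(out) < needed:
            return OVERFLOW, pos  # not enough room: leave input unconsumed
        if needed == 2:
            cp -= 0x10000
            out.append(0xD800 | (cp >> 10))
            out.append(0xDC00 | (cp & 0x3FF))
        else:
            out.append(cp)
        pos += n
    return UNDERFLOW, pos

def decode_all(src: bytes, capacity: int) -> str:
    """Driver loop with a stall guard: an OVERFLOW from an empty buffer means
    the decoder can never make progress, so fail instead of looping forever."""
    pos, units = 0, []
    while pos < len(src):
        out = []
        status, pos = utf8_to_utf16(src, pos, out, capacity)
        if status == OVERFLOW and not out:
            raise RuntimeError("decoder made no progress: would loop forever")
        units.extend(out)
    return b"".join(u.to_bytes(2, "little") for u in units).decode("utf-16-le")
```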
Upstream patch:
http://svn.apache.org/viewvc?view=rev&rev=1830375
http://svn.apache.org/viewvc?view=rev&rev=1830373
References:
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html