
====================================================================

                             CERT-Renater

                  Information Note No. 2018/VULN422
_____________________________________________________________________

DATE                : 26/12/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Tika versions 1.8 up to
                     and including 1.19.1.

=====================================================================
http://mail-archives.apache.org/mod_mbox/tika-user/201812.mbox/%3cCAC1dCwWhYmbkxAvFKgGSFd_ffp5EeCimB2gBXTo+9-F7v6TSNQ@mail.gmail.com%3e
_____________________________________________________________________

[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in
Tika's SQLite3Parser

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 1.8 to 1.19.1

Description:
A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.


Mitigation:
Apache Tika users should upgrade to 1.20 or later.


Credit:
This issue was discovered by Tim Allison on the Apache Tika Team.


===============================================================
+ CERT-RENATER               | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel         | fax : 01-53-94-20-41           +
+ 75013 Paris                | email: cert@support.renater.fr +
===============================================================





