=====================================================================

                                CERT-Renater

                     Information Note No. 2024/VULN134
_____________________________________________________________________

DATE                : 21/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Commons Configuration
                           versions prior to 2.10.1.

=====================================================================
https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
_____________________________________________________________________

CVE-2024-29133: Apache Commons Configuration: StackOverflowError
calling ListDelimiterHandler.flatten(Object, int) with a cyclical
object tree
Posted to user@commons.apache.org
Gary D. Gregory - Wednesday 20 March 2024 22:53:35 UTC+1

Severity: low

Affected versions:

- Apache Commons Configuration 2.0 before 2.10.1


Description:

Out-of-bounds Write vulnerability in Apache Commons Configuration.
This issue affects Apache Commons Configuration: from 2.0 before
2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes
the issue.

This issue is being tracked as CONFIGURATION-841

Credit:

Gary Gregory (finder)


References:

https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-29133
https://issues.apache.org/jira/browse/CONFIGURATION-841

_____________________________________________________________________

CVE-2024-29131: Apache Commons Configuration: StackOverflowError
adding property in AbstractListDelimiterHandler.flattenIterator()
Posted to user@commons.apache.org
Gary D. Gregory - Wednesday 20 March 2024 22:53:38 UTC+1


Severity: low

Affected versions:

- Apache Commons Configuration 2.0 before 2.10.1

Description:

Out-of-bounds Write vulnerability in Apache Commons Configuration. This
issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the
issue.

This issue is being tracked as CONFIGURATION-840

Credit:

Bob Marinier (finder)


References:

https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-29131
https://issues.apache.org/jira/browse/CONFIGURATION-840
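Both advisories above (CVE-2024-29133 and CVE-2024-29131) describe the same failure mode: a property value whose object tree is cyclical makes the recursive flatten step run until the JVM throws a StackOverflowError, which is a denial of service for whatever thread loads the configuration. The Java illustration below is added here and is not code from Apache Commons Configuration, from the advisory, or the 2.10.1 fix; the class and method names are hypothetical. It places a naive recursive flatten beside a variant that tracks the containers on the current descent path by identity and rejects a cycle with an ordinary exception.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Set;

// Hypothetical helper, not the library's ListDelimiterHandler implementation.
public final class CycleSafeFlatten {
    // Naive recursive flatten: a list that transitively contains itself never
    // terminates here and ends in a StackOverflowError.
    static List<Object> flattenNaive(Object value) {
        List<Object> out = new ArrayList<>();
        if (value instanceof Iterable) {
            for (Object elem : (Iterable<?>) value) out.addAll(flattenNaive(elem));
        } else {
            out.add(value);
        }
        return out;
    }

    // Guarded variant: containers on the current descent path are tracked by identity
    // (equals/hashCode would themselves recurse on a cyclic list); a container met
    // again while still on the path is a cycle and is rejected with an exception.
    static List<Object> flattenGuarded(Object value) {
        List<Object> out = new ArrayList<>();
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<Object, Boolean>());
        flattenInto(value, out, onPath);
        return out;
    }

    private static void flattenInto(Object value, List<Object> out, Set<Object> onPath) {
        if (!(value instanceof Iterable)) {
            out.add(value);
            return;
        }
        if (!onPath.add(value)) throw new IllegalArgumentException("cyclical object tree rejected");
        try {
            for (Object elem : (Iterable<?>) value) flattenInto(elem, out, onPath);
        } finally {
            onPath.remove(value); // the same container may legitimately recur on another branch
        }
    }

    public static void main(String[] args) {
        List<Object> cyclic = new ArrayList<>(); // constructed sample: a list containing itself
        cyclic.add("a");
        cyclic.add(cyclic);
        try { flattenGuarded(cyclic); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Running main with the constructed self-referencing list prints "rejected: cyclical object tree rejected"; calling flattenNaive on the same list instead recurses until a StackOverflowError. In deployments that cannot upgrade immediately, the same identity-based check applied to untrusted values before they reach addProperty is a reasonable stopgap.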


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
