cvelist/2018/8xxx/CVE-2018-8015.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@apache.org",
      "DATE_PUBLIC" : "2018-05-17T00:00:00",
      "ID" : "CVE-2018-8015",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Apache ORC",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "1.0.0 to 1.4.3"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apache Software Foundation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Denial of Service"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://orc.apache.org/security/CVE-2018-8015/",
            "refsource" : "CONFIRM",
            "url" : "https://orc.apache.org/security/CVE-2018-8015/"
         },
         {
            "name" : "104215",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/104215"
         }
      ]
   }
}
- Synchronized data. 2018-03-09 16:03:15 -05:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Apache ORC from 2018-05-17. 2018-05-18 12:19:26 -04:00			`"ASSIGNER" : "security@apache.org",`
			`"DATE_PUBLIC" : "2018-05-17T00:00:00",`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`"ID" : "CVE-2018-8015",`
- Added submission from Apache ORC from 2018-05-17. 2018-05-18 12:19:26 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
Go through all entries where assigner is security@apache.org (recent Apache CNA) and ensure that the product names are correct and consistent (which in most cases means adding "Apache", but some required more work). Make sure the vendor name is correct. Make sure affected versions matches the text somewhat, although we don't try to make every product write these in the same way, they're not supposed to be totally machine readable. Then make some fixes to the text as required where there are mistakes or inconsistencies or the Apache name isn't mentioned. There are 5 left untouched for now, one is known (where we assigned an issues to an incubator version which came out prior to being part of Apache), and four which need more work. 2019-02-08 14:15:02 +00:00			`"product_name" : "Apache ORC",`
- Added submission from Apache ORC from 2018-05-17. 2018-05-18 12:19:26 -04:00			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "1.0.0 to 1.4.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Apache Software Foundation"`
			`}`
			`]`
			`}`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-05-18 13:08:36 -04:00			`"value" : "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack."`
- Added submission from Apache ORC from 2018-05-17. 2018-05-18 12:19:26 -04:00			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Denial of Service"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Synchronized data. 2018-05-18 13:08:36 -04:00			`"name" : "https://orc.apache.org/security/CVE-2018-8015/",`
			`"refsource" : "CONFIRM",`
- Added submission from Apache ORC from 2018-05-17. 2018-05-18 12:19:26 -04:00			`"url" : "https://orc.apache.org/security/CVE-2018-8015/"`
- Synchronized data. 2018-05-22 06:06:49 -04:00			`},`
			`{`
			`"name" : "104215",`
			`"refsource" : "BID",`
			`"url" : "http://www.securityfocus.com/bid/104215"`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`}`
			`]`
			`}`
			`}`