[CONFIGURATION-818] Stackoverflow bugs fixed in 2.8.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7
Fix Version/s: 2.8.0
Component/s: None
Labels:
- security

Description

Dear Apache Commons Configuration maintainers,

The Code Intelligence JVM fuzzer Jazzer has found multiple vulnerabilities in Apache Commons Configuration during a fuzzing run in Google OSS-Fuzz. The vulnerabilities were already fixed. Version <= 2.7 of Apache Commons Configuration is vulnerable.

Detailed Information can be found here:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48737

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48610

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48522

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48391

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48195

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

48195.zip
12/Aug/22 10:20
12.75 MB
Henry Lin
48391.zip
12/Aug/22 10:20
12.75 MB
Henry Lin
48522.zip
12/Aug/22 18:31
12.75 MB
Henry Lin
48610.zip
12/Aug/22 18:31
12.75 MB
Henry Lin
48737.zip
12/Aug/22 10:20
12.75 MB
Henry Lin

Activity

People

Assignee:: Unassigned

Reporter:: Henry Lin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Aug/22 12:34

Updated:: 12/Aug/22 18:33

Resolved:: 06/Aug/22 12:22