Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.17.2
-
None
-
None
Description
I believe this is a similar issue to what's listed here, although there it is deemed fixed in 2.17.0: https://issues.apache.org/jira/browse/LOG4J2-3230
Using Code Intelligence's fuzz testing tool (Jazzer), the exception was found by having the tool pass in generated strings to the replace method of the StrSubstitutor class. See also the message below:
{{== Java Exception: java.lang.IllegalStateException: Infinite loop in property interpolation of ${k:$}ߤ{${$k:${$k}߀��$}����:$����$}����-: $k
at org.apache.logging.log4j.core.lookup.StrSubstitutor.checkCyclicSubstitution(StrSubstitutor.java:1087)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1034)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1047)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:467)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:451)
at Log4jFuzzer.fuzzerTestOneInput(Log4jFuzzer.java:16)}}
In the attachments I included some files that can be used to try and reproduce the issue. The lowercase crash file contains the input that the fuzzing tool passed into the method.