An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E cve-icon cve-icon
http://www.securityfocus.com/bid/104898 cve-icon cve-icon
http://www.securitytracker.com/id/1041375 cve-icon cve-icon
https://access.redhat.com/errata/RHEA-2018:2188 cve-icon cve-icon
https://access.redhat.com/errata/RHEA-2018:2189 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2700 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2701 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2740 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2741 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2743 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2921 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2930 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2939 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2945 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:3768 cve-icon cve-icon
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-1336 cve-icon
https://security.netapp.com/advisory/ntap-20180817-0001/ cve-icon cve-icon
https://support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS cve-icon cve-icon
https://usn.ubuntu.com/3723-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-1336 cve-icon
https://www.debian.org/security/2018/dsa-4281 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
History

Thu, 14 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-14T20:35:47.322Z

Reserved: 2017-12-07T00:00:00

Link: CVE-2018-1336

cve-icon Vulnrichment

Updated: 2024-08-05T03:59:38.542Z

cve-icon NVD

Status : Modified

Published: 2018-08-02T14:29:00.270

Modified: 2024-11-21T03:59:38.967

Link: CVE-2018-1336

cve-icon Redhat

Severity : Important

Publid Date: 2018-07-22T00:00:00Z

Links: CVE-2018-1336 - Bugzilla

cve-icon OpenCVE Enrichment

No data.