Impact
AbstractModelReader in Apache OpenNLP allocates arrays for outcomes, outcome patterns, and predicates by using a 32‑bit signed integer read from a binary .bin model file, without validating the value. Because the count is attacker‑controlled, a malicious model can set it to Integer.MAX_VALUE or another large number, causing the JVM to attempt an out‑of‑range allocation and fail with an OutOfMemoryError during deserialization. This failure to enforce bounds on resource allocation (CWE-770) and unchecked resource consumption (CWE-789) leads to a denial‑of‑service condition when a process loads a malicious model from an untrusted source.
Affected Systems
The vulnerability affects Apache OpenNLP prior to versions 2.5.9 and 3.0.0-M3. Any component that loads a .bin model file—such as GenericModelReader or higher‑level utilities— is impacted if it processes models from untrusted or semi‑trusted origins.
Risk and Exploitability
The risk is high in environments where user or third‑party supplied model files are accepted, because an attacker can trigger a crash with a single, lightweight file. The CVSS score is 7.5, indicating significant potential for automated exploitation. The EPSS score of <1% indicates a very low but non‑zero likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog, which does not alter the possibility of a denial‑of‑service attack. The attack vector is local or remote, depending on whether the application accepts model files over a network or from untrusted users.
OpenCVE Enrichment
Github GHSA