Description
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader 

Versions Affected: 

before 2.5.9

before 3.0.0-M3 

Description:


The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from a binary model stream and pass that value directly to an array allocation (new String[numOutcomes], new int[numOCTypes][], new String[NUM_PREDS]) without validating that the value is non-negative or within a reasonable bound. The count is therefore fully attacker-controlled when the model file originates from an untrusted source.


A crafted .bin model file in which any of these count fields is set to Integer.MAX_VALUE (or any value large enough to exhaust the available heap) triggers an OutOfMemoryError at the array allocation itself, before the corresponding label or pattern data is consumed from the stream. The error occurs very early in deserialization: for a GIS model, getOutcomes() is reached after only the model-type string, the correction constant, and the correction parameter have been read; so the attacker pays no meaningful size cost to weaponize a payload, and a single small file can crash a JVM that loads it. Any code path that deserializes a .bin model is affected, including direct use of GenericModelReader and any higher-level component that delegates to it during model load.


The practical impact is denial of service against processes that load model files from untrusted or semi-trusted origins.  


Mitigation:



* 2.x users should upgrade to 2.5.9.

* 3.x users should upgrade to 3.0.0-M3.




Note: The fix introduces an upper bound on each of the three count fields, checked before array allocation; counts that are negative or exceed the bound cause an IllegalArgumentException to be thrown and the read to fail fast with no large allocation. The default bound is 10,000,000, which is well above the entry counts of legitimate OpenNLP models but far below any value that would threaten heap exhaustion. Deployments that legitimately need to load models with more entries than the default can raise the limit at JVM startup by setting the OPENNLP_MAX_ENTRIES system property to the desired positive integer (e.g. -DOPENNLP_MAX_ENTRIES=50000000); invalid or non-positive values fall back to the default.


Users who cannot upgrade immediately should treat all .bin model files as untrusted input unless their provenance is verified, and should avoid loading models supplied by end users or fetched from third-party repositories without integrity checks.
Published: 2026-05-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw arises because AbstractModelReader reads a signed integer from a binary model file and passes it directly to an array allocation without checking for negative or excessively large values. An attacker can craft a model file that sets the count fields to Integer.MAX_VALUE or another large value, causing an OutOfMemoryError during the early stages of deserialization. This represents a failure to enforce bounds on resource allocation (CWE-770) and unchecked resource consumption (CWE-789). The vulnerability leads to a denial‑of‑service condition when a vulnerable JVM attempts to load the malicious model.

Affected Systems

The vulnerability affects Apache OpenNLP prior to versions 2.5.9 and 3.0.0-M3. Any component that loads a .bin model file—such as GenericModelReader or higher‑level utilities— is impacted if it processes models from untrusted or semi‑trusted origins.

Risk and Exploitability

The risk is high in environments where user or third‑party supplied model files are accepted, because an attacker can trigger a crash with a single, lightweight file. The CVSS score is 7.5, indicating significant potential for automated exploitation. The EPSS score of <1% indicates a very low but non‑zero likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog, which does not alter the possibility of a denial‑of‑service attack. The attack vector is local or remote, depending on whether the application accepts model files over a network or from untrusted users.

Generated by OpenCVE AI on May 26, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Apache OpenNLP 2.5.9 or newer 3.0.0-M3 so that count values are bounded before array allocation.
  • Do not load .bin model files that originate from untrusted sources; verify the provenance or integrity of the file before deserialization.
  • If larger model entry counts are required, set the OPENNLP_MAX_ENTRIES JVM property to a safe value (e.g., -DOPENNLP_MAX_ENTRIES=50000000) while ensuring the value is positive and within system limits.

Generated by OpenCVE AI on May 26, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-659w-93r5-9j6m Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
History

Tue, 26 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:opennlp:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:opennlp:3.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:opennlp:3.0.0:m2:*:*:*:*:*:*

Tue, 05 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache opennlp
Vendors & Products Apache
Apache opennlp

Mon, 04 May 2026 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2.5.9 before 3.0.0-M3  Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from a binary model stream and pass that value directly to an array allocation (new String[numOutcomes], new int[numOCTypes][], new String[NUM_PREDS]) without validating that the value is non-negative or within a reasonable bound. The count is therefore fully attacker-controlled when the model file originates from an untrusted source. A crafted .bin model file in which any of these count fields is set to Integer.MAX_VALUE (or any value large enough to exhaust the available heap) triggers an OutOfMemoryError at the array allocation itself, before the corresponding label or pattern data is consumed from the stream. The error occurs very early in deserialization: for a GIS model, getOutcomes() is reached after only the model-type string, the correction constant, and the correction parameter have been read; so the attacker pays no meaningful size cost to weaponize a payload, and a single small file can crash a JVM that loads it. Any code path that deserializes a .bin model is affected, including direct use of GenericModelReader and any higher-level component that delegates to it during model load. The practical impact is denial of service against processes that load model files from untrusted or semi-trusted origins.   Mitigation: * 2.x users should upgrade to 2.5.9. * 3.x users should upgrade to 3.0.0-M3. Note: The fix introduces an upper bound on each of the three count fields, checked before array allocation; counts that are negative or exceed the bound cause an IllegalArgumentException to be thrown and the read to fail fast with no large allocation. The default bound is 10,000,000, which is well above the entry counts of legitimate OpenNLP models but far below any value that would threaten heap exhaustion. Deployments that legitimately need to load models with more entries than the default can raise the limit at JVM startup by setting the OPENNLP_MAX_ENTRIES system property to the desired positive integer (e.g. -DOPENNLP_MAX_ENTRIES=50000000); invalid or non-positive values fall back to the default. Users who cannot upgrade immediately should treat all .bin model files as untrusted input unless their provenance is verified, and should avoid loading models supplied by end users or fetched from third-party repositories without integrity checks.
Title Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
Weaknesses CWE-789
References

Subscriptions

Apache Opennlp
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-05-05T16:03:03.237Z

Reserved: 2026-04-27T12:43:14.347Z

Link: CVE-2026-42440

cve-icon Vulnrichment

Updated: 2026-05-04T17:37:00.275Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T17:16:26.147

Modified: 2026-05-06T18:09:43.483

Link: CVE-2026-42440

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-04T16:40:32Z

Links: CVE-2026-42440 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T13:30:05Z

Weaknesses