Vulnerability Details CVE-2018-8015
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.041
EPSS Ranking 88.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-8015
-
cpe:2.3:a:apache:orc:1.1.0
-
cpe:2.3:a:apache:orc:1.1.1
-
cpe:2.3:a:apache:orc:1.1.2
-
cpe:2.3:a:apache:orc:1.2.0
-
cpe:2.3:a:apache:orc:1.2.1
-
cpe:2.3:a:apache:orc:1.2.2
-
cpe:2.3:a:apache:orc:1.2.3
-
cpe:2.3:a:apache:orc:1.3.0
-
cpe:2.3:a:apache:orc:1.3.1
-
cpe:2.3:a:apache:orc:1.3.2
-
cpe:2.3:a:apache:orc:1.3.3
-
cpe:2.3:a:apache:orc:1.3.4
-
cpe:2.3:a:apache:orc:1.4.0
-
cpe:2.3:a:apache:orc:1.4.1
-
cpe:2.3:a:apache:orc:1.4.2
-
cpe:2.3:a:apache:orc:1.4.3