CVE-2018-1336

Summary

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tomcat9.0.0.M9 to 9.0.7affected
Apache Software FoundationApache Tomcat8.5.0 to 8.5.30affected
Apache Software FoundationApache Tomcat8.0.0.RC1 to 8.0.51affected
Apache Software FoundationApache Tomcat7.0.28 to 7.0.86affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References