CVE-2018-1336
Description
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
15.005
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2018-1336 are affected in Tomcat 9.0.7 | Windows |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core 8.5.31 | Windows |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core 7.0.87 | Windows |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core 9.0.8 | Windows |
| Vulnerabilities CVE-2018-1336,CVE-2018-1304 are fixed in Apache - tomcat-embed-core 8.0.51 | Windows |
| Servlet and JSP engine (USN-3723-1) tomcat7_7.0.52-1ubuntu0.15_all.deb | Linux |
| Servlet and JSP engine (USN-3723-1) tomcat8_8.0.32-1ubuntu1.7_all.deb | Linux |
| Servlet and JSP engine (USN-3723-1) libtomcat8-java_8.0.32-1ubuntu1.7_all.deb | Linux |
| tomcat8 security update(DSA-3974-1) tomcat8_8.5.14-1+deb9u3_all.deb | Linux |
| tomcat8 security update(DSA-4281-1) tomcat8_8.5.14-1+deb9u3_all.deb | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-lib-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-jsvc-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-webapps-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm | Linux |
| Tomcat security update (CESA-2018:2921) tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-jsvc-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-lib-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (RHSA-2018:2921) tomcat security update tomcat-webapps-7.0.76-8.el7_5.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-admin-webapps-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-docs-webapp-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-el-3_0-api-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-javadoc-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-lib-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch.rpm | Linux |
| SUSE-SU-2018:2699-1(SUSE Linux Enterprise Server 12-SP3 ) tomcat-webapps-8.0.53-29.13.1.noarch.rpm | Linux |
| (CESA-2018:2921) tomcat security update tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (CESA-2018:2921) tomcat security update tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| (CESA-2018:2921) tomcat security update tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm | Linux |
| Vulnerability CVE-2018-1336 are affected in Tomcat 9.0.7 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core for Linux 8.5.31 | Linux |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core for Linux 7.0.87 | Linux |
| Vulnerabilities CVE-2018-1336 are fixed in Apache - tomcat-embed-core for Linux 9.0.8 | Linux |
| Vulnerabilities CVE-2018-1336,CVE-2018-1304 are fixed in Apache - tomcat-embed-core for Linux 8.0.51 | Linux |
| Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability (CVE-2018-1336) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234