Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
| Score | Percentile |
|---|---|
| 46.75% | 97.64% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-475f-74wp-pqv5 ↗ |
| CVE | CVE-2014-0075 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| maven | org.apache.tomcat:tomcat | < 6.0.40 | 6.0.40 | — |
| maven | org.apache.tomcat:tomcat | >= 7.0.0, < 7.0.53 | 7.0.53 | — |
| maven | org.apache.tomcat:tomcat | >= 8.0.0, < 8.0.4 | 8.0.4 | — |
| maven | org.apache.tomcat:tomcat-coyote | < 6.0.40 | 6.0.40 | — |
| maven | org.apache.tomcat:tomcat-coyote | >= 7.0.0, < 7.0.53 | 7.0.53 | — |
| maven | org.apache.tomcat:tomcat-coyote | >= 8.0.0, < 8.0.4 | 8.0.4 | — |