Bug 2457321 (CVE-2026-34481)
| Summary: | CVE-2026-34481 org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | asoldano, ataylor, bbaranow, bmaxwell, bstansbe, chfoley, dbruscin, dlofthou, fmariani, gmalinko, istudens, ivassile, iweiss, janstey, jwon, kvanderr, mcarlett, mosmerov, msvehla, nwallace, pberan, pesilva, pjindal, pmackay, rgodfrey, rhel-process-autobot, rstancel, rstepani, smaestri, swoodman, tcunning, thjenkin, vdosoudi, watson-tool-maintainers, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This invalid output can then lead to downstream systems rejecting or failing to index these logs, effectively causing a denial of service for log analysis. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2457909 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-04-10 16:02:08 UTC