Bug 2274516 (CVE-2024-23080) - CVE-2024-23080 joda-time: Null pointer exception may lead to DoS
Summary: CVE-2024-23080 joda-time: Null pointer exception may lead to DoS
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2024-23080
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2274518 2274522 2274523 2274524 2274526
Blocks: 2274519
Reported: 2024-04-11 13:01 UTC by Marco Benatto
Modified: 2024-04-18 02:35 UTC
CC List: 102 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-04-16 18:17:12 UTC
Embargoed:



Description Marco Benatto 2024-04-11 13:01:08 UTC
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).

http://joda.com
https://gist.github.com/LLM4IG/6614bfa658295d7af07a6d37e06db27f
https://github.com/JodaOrg/joda-time

Comment 1 Marco Benatto 2024-04-11 13:03:31 UTC
Created picocli tracking bugs for this issue:

Affects: fedora-all [bug 2274518]

Comment 4 Borja Tarraso 2024-04-16 18:17:12 UTC
This issue was raised by an AI-driven bot. The CVE describes that a NullPointerException is thrown when null is passed into a method. This is perfectly normal and not a security issue or CVE.

Users of Joda-Time do not need to take any action as the CVE is invalid. This has been confirmed by the Joda-Time Security team at https://www.joda.org/joda-time//security.html.

