A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. External References: https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
Created tika tracking bugs for this issue: Affects: fedora-all [bug 1663926]
This vulnerability is out of security support scope for the following product: * Red Hat JBoss Data Virtualization & Services 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This vulnerability is out of security support scope for the following products: * Red Hat JBoss BRMS 5 * Red Hat JBoss BRMS 6 * Red Hat JBoss BPM Suite 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse Service Works 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Fuse 7.5 ships tika 1.20. Marking NOTAFFECTED.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-17197