CVE-2012-0213
Denial of Service vulnerability in poi (Maven)
What is CVE-2012-0213 About?
This denial of service vulnerability in Apache POI allows remote attackers to cause an OutOfMemoryError and potentially destabilize the JVM. It is caused by crafted length values in specific document formats and can be exploited with moderate effort. Successful exploitation leads to service unavailability and potential system crashes.
Affected Software
- org.apache.poi:poi
  - <3.10-beta1
- org.apache.poi:poi-scratchpad
  - <3.10-beta1
Technical Details
The UnhandledDataStructure function within hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier improperly handles crafted length values embedded in Channel Definition Format (CDF) or Compound File Binary Format (CFBF) documents. An attacker can create a malicious document containing an excessively large or malformed length value. When Apache POI processes this document, the UnhandledDataStructure function attempts to allocate resources or process data based on this manipulated length, leading to an OutOfMemoryError exception as the JVM runs out of available memory. This can further destabilize the entire Java Virtual Machine, causing the application to crash or become unresponsive. The attack vector involves tricking a user into opening a specially crafted document.
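The defensive pattern for this class of bug, as an added example (not Apache POI's code or its actual patch): check a length field read from the file against the bytes actually available before allocating or copying. The class name, method names and sample values are hypothetical.

```java
import java.util.Arrays;

// Added illustration: hypothetical names, not Apache POI source.
public class LengthFieldCheck {

    // Vulnerable shape: the allocation size is whatever the file's length field says.
    static byte[] copyUnchecked(byte[] buf, int offset, int length) {
        byte[] out = new byte[length]; // oversized length -> OutOfMemoryError
        System.arraycopy(buf, offset, out, 0, length);
        return out;
    }

    // Hardened shape: the requested range must lie inside the bytes actually read.
    static byte[] copyChecked(byte[] buf, int offset, int length) {
        // Written as a subtraction so offset + length cannot overflow int.
        if (offset < 0 || length < 0 || length > buf.length - offset) {
            throw new IllegalArgumentException("range offset=" + offset
                    + " length=" + length + " exceeds buffer of " + buf.length + " bytes");
        }
        return Arrays.copyOfRange(buf, offset, offset + length);
    }

    public static void main(String[] args) {
        byte[] stream = new byte[64];            // constructed sample: 64 bytes read from a file
        int declared = Integer.MAX_VALUE - 8;    // constructed sample: oversized length field

        System.out.println(copyChecked(stream, 16, 32).length); // valid range is copied

        try {
            copyChecked(stream, 16, declared);   // rejected before any allocation happens
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // copyUnchecked(stream, 16, declared) would instead try to allocate about 2 GiB.
    }
}
```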
What is the Impact of CVE-2012-0213?
Successful exploitation may allow attackers to disrupt the availability of the affected application or system, leading to service outages and potential data processing interruptions.
What is the Exploitability of CVE-2012-0213?
Exploitation of this vulnerability requires an attacker to create and deliver a specially crafted document (CDF or CFBF format) to a target system. The complexity is moderate, as it involves understanding the document format and how Apache POI parses length values. No authentication or specific privileges are required for the initial delivery of the malicious document, but it usually relies on user interaction (e.g., opening the document). The attack is remote, as the document can be sent over a network. The primary risk factor is the widespread use of Apache POI for document processing, increasing the likelihood of encountering vulnerable versions within various applications.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2012-0213?
Available Upgrade Options
- org.apache.poi:poi-scratchpad
  - <3.10-beta1 → Upgrade to 3.10-beta1
- org.apache.poi:poi
  - <3.10-beta1 → Upgrade to 3.10-beta1
Additional Resources
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044
- http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html
- https://bugzilla.redhat.com/show_bug.cgi?id=799078
- http://secunia.com/advisories/49040
- http://rhn.redhat.com/errata/RHSA-2012-1232.html
- http://www.debian.org/security/2012/dsa-2468
- http://www.securityfocus.com/bid/53487
- https://github.com/apache/poi
What are Similar Vulnerabilities to CVE-2012-0213?
Similar Vulnerabilities: CVE-2017-5643, CVE-2016-8742, CVE-2017-9800, CVE-2014-0050, CVE-2014-3450
