PublicDateAtUSN: 2018-07-24
Candidate: CVE-2018-1336
PublicDate: 2018-08-02 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1336
 https://ubuntu.com/security/notices/USN-3723-1
Description:
 An improper handling of overflow in the UTF-8 decoder with supplementary
 characters can lead to an infinite loop in the decoder causing a Denial of
 Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to
 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_tomcat7:
 upstream: https://svn.apache.org/r1830376 (7.0.x)
upstream_tomcat7: released (7.0.72-3)
precise/esm_tomcat7: DNE
trusty_tomcat7: released (7.0.52-1ubuntu0.15)
trusty/esm_tomcat7: released (7.0.52-1ubuntu0.15)
xenial_tomcat7: ignored (end of standard support, was needed)
bionic_tomcat7: not-affected (7.0.78-1)
cosmic_tomcat7: not-affected
disco_tomcat7: DNE
eoan_tomcat7: DNE
focal_tomcat7: DNE
groovy_tomcat7: DNE
hirsute_tomcat7: DNE
impish_tomcat7: DNE
jammy_tomcat7: DNE
devel_tomcat7: DNE

Patches_tomcat8.0:
 upstream: https://svn.apache.org/r1830375 (8.0.x)
upstream_tomcat8.0: released (8.0.52)
precise/esm_tomcat8.0: DNE
trusty_tomcat8.0: DNE
trusty/esm_tomcat8.0: DNE
xenial_tomcat8.0: DNE
bionic_tomcat8.0: DNE
cosmic_tomcat8.0: DNE
disco_tomcat8.0: DNE
eoan_tomcat8.0: DNE
focal_tomcat8.0: DNE
groovy_tomcat8.0: DNE
hirsute_tomcat8.0: DNE
impish_tomcat8.0: DNE
jammy_tomcat8.0: DNE
devel_tomcat8.0: DNE

Patches_tomcat8:
 upstream: https://svn.apache.org/r1830374 (8.5.x)
 upstream: https://svn.apache.org/r1830375 (8.0.x)
upstream_tomcat8: released (8.5.31-1)
precise/esm_tomcat8: DNE
trusty_tomcat8: DNE
trusty/esm_tomcat8: DNE
xenial_tomcat8: released (8.0.32-1ubuntu1.7)
esm-infra/xenial_tomcat8: released (8.0.32-1ubuntu1.7)
bionic_tomcat8: released (8.5.39-1ubuntu1~18.04.1)
cosmic_tomcat8: not-affected (8.5.32-1ubuntu2)
disco_tomcat8: DNE
eoan_tomcat8: DNE
focal_tomcat8: DNE
groovy_tomcat8: DNE
hirsute_tomcat8: DNE
impish_tomcat8: DNE
jammy_tomcat8: DNE
devel_tomcat8: DNE