CVE-2022-24197: Out-of-bounds Write in iText

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.33552%
Published: 2/2/2022
Updated: 3/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Package Name: com.itextpdf:itext7-core
Ecosystem: maven
Vulnerable Versions: <= 7.1.17
First Patched Version: 7.1.18

Vulnerability Intelligence
Root Cause Analysis

The CVE description explicitly identifies ByteBuffer.append as the vulnerable component. The GitHub advisory and linked pull request #78 both list this function under StackOverflowError triggers. The maintainer's comment confirms this was addressed in commit 88c9cb7 for 7.1.18. The stack-based buffer overflow mechanism aligns with the CWE-787 classification and the described DoS impact.


WAF Protection Rules

WAF Rule

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
