Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-41404
CVE-2022-41404:
Java vulnerability analysis and mitigation
Overview
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. The vulnerability was discovered in October 2022 and affects the ini4j library, which is used for handling Windows ini file format (NVD, Debian LTS).
Technical details
The vulnerability exists in the recursive calls from the BasicProfileSection.fetch and BasicProfile.resolve methods, where recursive loops can occur without any limitation when processing manipulated ini files. The issue has a CVSS v3.1 Base Score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, SourceForge Bug).
Impact
When exploited, this vulnerability can lead to a Denial of Service condition through infinite recursion when processing specially crafted ini files. The attack affects the availability of applications using the vulnerable ini4j library (NVD).
Mitigation and workarounds
Users are recommended to upgrade to ini4j version 0.5.4 or later which addresses this vulnerability. For Debian 10 (buster) users, the fix is available in version 0.5.4-1~deb10u1 (Debian LTS).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management