https://bz.apache.org/bugzilla/show_bug.cgi?id=65746
--- Comment #5 from [email protected] ---

(In reply to wenjiezander from comment #0)
> # java.lang.NullPointerException in `org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243` poi 5.1.0
>
> This vulnerability is of java.lang.NullPointerException and can be
> triggered in the latest version of poi (5.1.0).
> It is caused by not checking the pointer before dereferencing it and also
> failing to catch the runtime java exception, and can be used by attackers to
> launch a DoS (Denial of Service) attack against any java program that uses this
> library (since the user of POI doesn't know they need to catch this kind of
> exception) (CWE-476: NULL Pointer Dereference, CWE-248: Uncaught
> exception).
> Likely, the root cause of this crash is in
> `org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243`.
> See more detail from the following crash stack.
>
> # Crash stack:
> The crash thread's stack is as follows:
>
> ```
> org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243
> org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.unmarshall::PackagePropertiesUnmarshaller.java:111
> org.apache.poi.openxml4j.opc.OPCPackage.getParts::OPCPackage.java:760
> org.apache.poi.openxml4j.opc.OPCPackage.open::OPCPackage.java:315
> org.apache.poi.ooxml.util.PackageHelper.open::PackageHelper.java:47
> org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
> com.test.Entry.main::Entry.java:32
> ```
>
> # Steps to reproduce:
>
> 1. Build the following java code with the corresponding poi library (version
> 5.1.0).
>
> ```
> ## Download poi_env_reproduce.zip from https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
> unzip poi_env_reproduce.zip
> cd poi_env_reproduce
> bash build.sh
> ```
>
> 2. Run the built program to see the crash by feeding one of the poc files
> contained in the pocs.tar.gz, e.g.:
>
> ```bash
> java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar pocs/crash-2e2e45d90c0e63d10f58e635c9d679dd7cbd3a06
> ```
>
> Any further discussion for this vulnerability including fix is welcomed!
> Feel free to contact me at [email protected]
> (https://github.com/ZanderHuang)
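A caller-side containment pattern for the uncaught-exception (CWE-248) half of the report, as an added example that is not part of the bug report or Apache POI's own code. The names `UntrustedWorkbook`, `read` and `RejectedDocumentException` are hypothetical, and it assumes the application opens the file through the `XSSFWorkbook` constructor seen in the crash stack.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.function.Function;

import org.apache.poi.xssf.usermodel.XSSFWorkbook;

/** Hypothetical helper: parse untrusted .xlsx input without letting parser faults escape. */
public final class UntrustedWorkbook {

    /** Checked failure, so callers are forced to handle a rejected document. */
    public static final class RejectedDocumentException extends Exception {
        RejectedDocumentException(String msg, Throwable cause) { super(msg, cause); }
    }

    private UntrustedWorkbook() {}

    /**
     * Opens the file, applies reader, and always closes the workbook.
     * Unchecked exceptions raised while parsing (such as the reported
     * NullPointerException) become a checked rejection instead of
     * unwinding the calling thread.
     */
    public static <T> T read(Path file, Function<XSSFWorkbook, T> reader)
            throws RejectedDocumentException {
        try (InputStream in = Files.newInputStream(file);
             XSSFWorkbook wb = new XSSFWorkbook(in)) {
            return reader.apply(wb);
        } catch (IOException e) {
            throw new RejectedDocumentException("I/O or format error: " + file, e);
        } catch (RuntimeException e) {
            // NPE and any other unchecked failure on malformed input.
            throw new RejectedDocumentException("Malformed document: " + file, e);
        }
    }

    public static void main(String[] args) {
        Path file = Paths.get(args[0]); // path to the document under test
        try {
            int sheets = read(file, XSSFWorkbook::getNumberOfSheets);
            System.out.println("sheets=" + sheets);
        } catch (RejectedDocumentException e) {
            // Record the cause for triage; the process itself stays up.
            System.err.println("rejected: " + e.getMessage() + " (" + e.getCause() + ")");
        }
    }
}
```

This contains the failure at the call site only; it does not cover `Error` subclasses such as `OutOfMemoryError`, and the missing null check inside the library still has to be fixed there.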
