Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
According to the report, calling the modPow method in the DoubleModMath class may lead to stack overflow classified as CWE-125 (out-of-bounds read). The report has been disputed because there is evidence suggesting it was generated by a tool lacking sufficient precision to identify vulnerabilities. Therefore, the reliability of the described attack mechanism is uncertain.
If the vulnerability were real, an attacker could potentially compromise the confidentiality, integrity, and availability of the system — however, there is a lack of reliable evidence confirming the exploitability of this report.
Apply patches available from the vendor according to references. Due to the disputed nature of the vulnerability, it is recommended to monitor official Apfloat project communications at http://apfloat.com and the GitHub repository.
Apfloat v1.10.1 (product by Mikkotommila). The vulnerability is disputed — consult vendor references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMikkotommila Apfloat
APPMikkotommila1.10.1