CVE-2008-7227: PartialBufferOutputStream2 flush issues

May 17, 2022 (updated July 10, 2024)

Withdrawn

This advisory has been withdrawn as there the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see.

Original Advisory

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an “in memory buffer,” which prevents the reporting of a service exception, with unknown impact and attack vectors.

References

github.com/advisories/GHSA-8hmh-mhqv-7638
github.com/github/advisory-database/pull/4585
nvd.nist.gov/vuln/detail/CVE-2008-7227
osgeo-org.atlassian.net/browse/GEOS-1747

Code Behaviors & Features

Detect and mitigate CVE-2008-7227 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →