Excessive Iteration Vulnerability
Description
Product Alert – November 2024 - CVE-2024-8049
- Telerik Document Processing 2024 Q3 (2024.3.806) or earlier.
Issue
CWE-834 Excessive Iteration
What Are the Impacts
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
Solution
We have addressed the issue and the Progress Telerik team strongly recommends performing an upgrade to the latest version listed in the table below.
| Current Version | Guidance |
|---|---|
| 2024 Q3 (2024.3.806) or earlier | Update to 2024 Q4 (2024.4.1106) (update instructions) |
All customers who have a Telerik license can access the downloads here Product Downloads | Your Account. Note, Telerik Document Processing is not a separately downloadable product, it is found within the distribution of the product you are using.
Notes
- To check your version of Document Processing, look at the Properties of
Telerik.Documents.*.dll(orTelerik.Windows.Document.*.dll) files and inspect the Version value. - If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
External References
CVE-2024-8049 (MEDIUM)
CVSS: 6.5
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.