[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461914#comment-17461914
]
Calven commented on LOG4J2-3230:
--------------------------------
[~jbristow] Hi. The official website shows the vulnerability in this issue may
lead to StackOverflowError, but using your sample code, it seems just generate
a huge amount of logs and reach "Java.lang.IllegalStateException: Infinite loop
in property interpolation" and the program ret code still be 0. It seems
doesn't reach the StackOverflowError. Can anyone declare why StackOverflowError
may happen? Thanks.
Besides, the critics of this project are insane, I believe this project really
did a lot of contributions to the modern digital world. May we be truly
thankful.
> Certain strings can cause infinite recursion
> --------------------------------------------
>
> Key: LOG4J2-3230
> URL: https://issues.apache.org/jira/browse/LOG4J2-3230
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.8, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.10.0, 2.11.0, 2.11.1,
> 2.11.2, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.14.0, 2.13.3, 2.14.1,
> 2.15.0, 2.16.0
> Reporter: Ross Cohen
> Assignee: Carter Kozak
> Priority: Major
> Fix For: 2.17.0
>
> Attachments: image-2021-12-18-21-47-28-447.png,
> image-2021-12-18-21-47-56-798.png, image-2021-12-18-21-52-59-965.png,
> image-2021-12-18-21-53-20-306.png, sample.tar.gz
>
>
> If a string substitution is attempted for any reason on the following string,
> it will trigger an infinite recursion, and the application will crash:
> ${${::\-${::\-$${::\-j}}}}.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
