CVE-2026-42440

Apache · OpenNLP

A Denial of Service (DoS) vulnerability in Apache OpenNLP allows for memory exhaustion via unbounded array allocation during model processing.

Executive summary

An unbounded array allocation flaw in Apache OpenNLP creates a risk of Denial of Service, requiring an immediate update to version 2 or later.

Vulnerability

The vulnerability exists in the AbstractModelReader component of Apache OpenNLP, which fails to properly validate input, leading to unbounded array allocation. This causes an Out-of-Memory (OOM) condition when processing malicious input files.

Business impact

With a CVSS score of 7.5, this vulnerability presents a significant risk to the availability of applications that use OpenNLP. Successful exploitation could crash services, causing downtime for systems that rely on the library for natural language processing tasks.

Remediation

Immediate Action: Update the Apache OpenNLP library to version 2 or higher to incorporate the necessary bounds checking.

Proactive Monitoring: Monitor application memory usage for sudden spikes or OOM errors when processing model files from untrusted sources.

Compensating Controls: Implement strict file size and type validation for any inputs processed by the OpenNLP library to prevent the processing of malicious payloads.
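The two defensive measures above, bounds checking on a length field before allocating from it (the class of defect described under Vulnerability) and a file size check before the parser ever sees the input, are shown together in the following added example. It is illustrative code written for this advisory, not OpenNLP's own source: the record layout it reads (a 4-byte count followed by that many UTF strings), the class name BoundedModelReader, and the limits MAX_ENTRIES and MAX_MODEL_BYTES are all assumptions made for the demonstration and do not describe the real OpenNLP model format.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added, illustrative example (hypothetical class, not OpenNLP code).
 * Assumed layout: int count, then `count` modified-UTF strings.
 */
public final class BoundedModelReader {

    /** Hard ceiling on entries one section may declare (constructed limit). */
    static final int MAX_ENTRIES = 1_000_000;

    /** Largest model file accepted from untrusted sources (constructed limit). */
    static final long MAX_MODEL_BYTES = 64L * 1024 * 1024;

    /**
     * Vulnerable pattern: the array is sized by whatever the header claims.
     * A declared count near Integer.MAX_VALUE forces a multi-gigabyte
     * allocation and the JVM dies with OutOfMemoryError before any entry is read.
     */
    static String[] readEntriesUnchecked(DataInputStream in) throws IOException {
        int count = in.readInt();
        String[] entries = new String[count];   // unbounded allocation
        for (int i = 0; i < count; i++) {
            entries[i] = in.readUTF();
        }
        return entries;
    }

    /**
     * Hardened pattern: validate the declared count against a hard cap and
     * against the bytes actually present before allocating anything sized by it.
     * bytesRemaining is the stream length measured before the count was read.
     */
    static String[] readEntriesChecked(DataInputStream in, long bytesRemaining) throws IOException {
        int count = in.readInt();
        if (count < 0 || count > MAX_ENTRIES) {
            throw new IOException("declared entry count out of range: " + count);
        }
        // Every readUTF entry carries at least a 2-byte length prefix, so the
        // payload after the 4-byte count can hold at most (bytesRemaining - 4) / 2 entries.
        if ((long) count > (bytesRemaining - 4) / 2) {
            throw new IOException("declared entry count exceeds available bytes: " + count);
        }
        String[] entries = new String[count];   // now provably bounded
        for (int i = 0; i < count; i++) {
            entries[i] = in.readUTF();
        }
        return entries;
    }

    /** Compensating control: reject oversized files before they reach any parser. */
    static void checkModelFile(Path model) throws IOException {
        long size = Files.size(model);
        if (size > MAX_MODEL_BYTES) {
            throw new IOException("model file too large: " + size + " bytes");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed test input: a header declaring Integer.MAX_VALUE entries with no payload.
        byte[] lyingHeader = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        try {
            readEntriesChecked(new DataInputStream(new ByteArrayInputStream(lyingHeader)),
                               lyingHeader.length);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // readEntriesUnchecked on the same bytes would attempt new String[2147483647].
    }
}
```

The checked reader applies two independent bounds. The hard cap (MAX_ENTRIES) stops absurd counts outright; the available-bytes check is the one that matters for a header that merely lies, because a count consistent with the file length cannot allocate more than the file could ever fill. The file size check in checkModelFile is the advisory's compensating control: it limits the damage a parser can do before the upgrade is deployed, but it is not a substitute for the bounds check inside the reader, since a small file can still declare a huge count.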

Exploitation status

Public Exploit Available: false

Analyst recommendation

Developers should prioritize upgrading to the latest version of Apache OpenNLP to eliminate this DoS vector. Ensuring that all dependencies are current is essential for maintaining application stability and security.