Apache Commons Compress

11 matches found

CVE
added 2024/02/19 8:31 a.m. | 470 views

CVE-2024-26308

CVE-2024-26308 affects Apache Commons Compress: Allocation of Resources Without Limits or Throttling. The IBM bulletin lists the vulnerability as present in Apache Commons Compress 1.21 through 1.25.x and fixes it in 1.26. Impact is resource exhaustion/denial of service with a base score of 5.5 (...

CVSS 5.5 | AI score 6.8 | EPSS 0.00898

CVE
added 2023/09/14 7:45 a.m. | 461 views

CVE-2023-42503

CVE-2023-42503: In Apache Commons Compress TAR parsing, improper input validation of pax header time fields (atime/mtime/ctime/LIBARCHIVE.creationtime) can be exploited to trigger denial-of-service via CPU exhaustion. A malformed TAR file crafted with extreme fractional times (or exponent notatio...

CVSS 5.5 | AI score 6.7 | EPSS 0.00489

CVE
added 2024/02/19 8:33 a.m. | 447 views

CVE-2024-25710

CVE-2024-25710 describes a Loop with Unreachable Exit Condition (Infinite Loop) in Apache Commons Compress, affecting versions 1.3 through 1.25.0. The issue is identified as a vulnerability in the compression library, with impact details indicating high severity in some advisories and a 5.5–8.1 C...

CVSS 8.1 | AI score 6.8 | EPSS 0.00441

CVE
added 2021/07/13 7:15 a.m. | 400 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

CVSS 7.5 | AI score 7.5 | EPSS 0.13292

CVE
added 2021/07/13 7:15 a.m. | 322 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

CVSS 7.5 | AI score 7.2 | EPSS 0.11879

CVE
added 2021/07/13 7:15 a.m. | 317 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

CVSS 7.5 | AI score 7.5 | EPSS 0.10901

CVE
added 2021/07/13 7:15 a.m. | 298 views

CVE-2021-35516

CVE-2021-35516 affects Apache Commons Compress (the sevenz package). A specially crafted 7Z archive can cause the library to allocate excessive memory, ultimately causing an out-of-memory condition and a denial-of-service on services that use Compress’ sevenz component. The initial description do...

CVSS 7.5 | AI score 7.3 | EPSS 0.12697

CVE
added 2019/08/29 12:00 a.m. | 227 views

CVE-2019-12402

CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...

CVSS 7.5 | AI score 7.1 | EPSS 0.16157

CVE
added 2012/06/29 12:00 a.m. | 176 views

CVE-2012-2098

CVE-2012-2098 affects Apache Commons Compress (BZip2CompressorOutputStream). The vulnerability is an algorithmic complexity in the sorting routines used by the bzip2 stream, allowing an attacker to cause CPU exhaustion (DoS) by feeding input with many repeating patterns. Affected product: Apache ...

CVSS 5 | AI score 5.3 | EPSS 0.12608

CVE
added 2018/08/16 3:00 p.m. | 149 views

CVE-2018-11771

CVE-2018-11771 affects the Apache Commons Compress ZipArchiveInputStream (versions 1.7 through 1.17). The issue is that reading a specially crafted ZIP archive may fail to return a correct EOF indication after the stream ends, which when combined with a java.io.InputStreamReader can lead to an in...

CVSS 5.5 | AI score 5.3 | EPSS 0.05253

CVE
added 2018/03/16 1:00 p.m. | 143 views

CVE-2018-1324

CVE-2018-1324: Multiple Apache Commons Compress advisories describe an infinite‑loop DoS in the Zip extra field parser used by ZipFile/ZipArchiveInputStream (versions 1.11–1.15). A specially crafted ZIP can cause an infinite loop, impacting services that use the library. Public docs confirm this...

CVSS 5.5 | AI score 5.3 | EPSS 0.03681