Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:31200
HistoryJul 14, 2021 - 6:32 a.m.

Denial Of Service (DoS)

2021-07-1406:32:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
commons-compress
denial of service
vulnerability
7z archive
malicious
infinite loop .

EPSS

0.021

Percentile

89.3%

commons-compress is vulnerable to denial of service. Failure to check the size of PAX header against the size of the current entry allows an attacker to send a malicious 7Z archive to trigger an infinite loop.

References