CVE-2012-2098 – org.apache.commons:commons-compress
Package
Manager: maven
Name: org.apache.commons:commons-compress
Vulnerable Version: >=0 <1.4.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.03171 (percentile: 0.86432)
Details
Uncontrolled Resource Consumption in Apache Commons Compress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Metadata
Created: 2022-05-13T01:07:05Z
Modified: 2024-02-22T15:15:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fxm-66hq-fc96/GHSA-6fxm-66hq-fc96.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-6fxm-66hq-fc96
Finding: F067
Auto approve: 1