CVE-2012-2098

Uncontrolled Resource Consumption in Apache Commons Compress in maven/org.apache.commons/commons-compress

Identifiers

GHSA-6fxm-66hq-fc96, CVE-2012-2098

Package Slug

maven/org.apache.commons/commons-compress

Vulnerability

Uncontrolled Resource Consumption in Apache Commons Compress

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

Affected Versions

All versions before 1.4.1

Solution

Upgrade to version 1.4.1 or above.

Last Modified

2022-07-24

source