Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1324

Опубликовано: 16 мар. 2018
Источник: debian
EPSS Низкий

Описание

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libcommons-compress-javafixed1.13-2package
libcommons-compress-javano-dsastretchpackage
libcommons-compress-javanot-affectedjessiepackage
libcommons-compress-javanot-affectedwheezypackage

Примечания

  • Fixed by: https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java;h=acc3b22346b49845e85b5ef27a5814b69e834139;hp=0feb9c98cc622cde1defa3bbd268ef82b4ae5c18;hb=2a2f1dc48e22a34ddb72321a4db211da91aa933b;hpb=dcb0486fb4cb2b6592c04d6ec2edbd3f690df5f2

  • https://issues.apache.org/jira/browse/COMPRESS-432

EPSS

Процентиль: 82%
0.01665
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-1324

CVSS3: 5.5
ubuntu
почти 8 лет назад

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

redhat логотип

CVE-2018-1324

CVSS3: 7.5
redhat
почти 8 лет назад

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

nvd логотип

CVE-2018-1324

CVSS3: 5.5
nvd
почти 8 лет назад

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

github логотип

GHSA-h436-432x-8fvx

CVSS3: 5.5
github
почти 7 лет назад

Apache Commons Compress vulnerable to denial of service due to infinite loop

fstec логотип

BDU:2021-01429

CVSS3: 6.5
fstec
около 8 лет назад

Уязвимость реализации классов ZipFile и ZipArchiveInputStream набора инструментов для сжатия Commons Compress, связанная с бесконечной работой цикла, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01665
Низкий