Описание
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libcommons-compress-java | fixed | 1.21-1 | package | |
| libcommons-compress-java | no-dsa | bullseye | package | |
| libcommons-compress-java | no-dsa | buster | package | |
| libcommons-compress-java | no-dsa | stretch | package |
Примечания
https://www.openwall.com/lists/oss-security/2021/07/13/4
https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda
https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
Связанные уязвимости
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Improper Handling of Length Parameter Inconsistency in Compress
Уязвимость службы сжатия архиватора Apache Commons Compress, позволяющая нарушителю вызвать отказ в обслуживании